Vendor
Bittorrent
Products
3
CVEs
9
Across products
9
Status
Private
Products
3- 6 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
9| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-4434 | 0.05 | — | 0.26 | Oct 3, 2008 | Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file. | ||
| CVE-2008-0071 | 0.04 | — | 0.12 | Jun 16, 2008 | The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. | ||
| CVE-2008-0364 | 0.03 | — | 0.06 | Jan 18, 2008 | Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier. | ||
| CVE-2015-5685 | 0.01 | — | 0.07 | Aug 13, 2015 | The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." | ||
| CVE-2014-8509 | 0.01 | — | 0.08 | Oct 31, 2014 | The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing." | ||
| CVE-2015-5474 | 0.00 | — | 0.01 | Aug 13, 2015 | BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol. | ||
| CVE-2015-2846 | 0.00 | — | 0.02 | Apr 13, 2015 | BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | ||
| CVE-2014-8515 | 0.00 | — | 0.01 | Dec 12, 2014 | The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | ||
| CVE-2008-7166 | 0.00 | — | 0.01 | Sep 4, 2009 | Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364. |