Stack-based buffer overflows in Transmission may allow for remote execution of arbitrary code.
Package | net-p2p/transmission on all architectures |
---|---|
Affected versions | < 1.92 |
Unaffected versions | >= 1.92 |
Transmission is a cross-platform BitTorrent client.
Multiple stack-based buffer overflows in the tr_magnetParse() function in libtransmission/magnet.c have been discovered.
A remote attacker could cause a Denial of Service or possibly execute arbitrary code via a crafted magnet URL with a large number of tr or ws links.
There is no known workaround at this time.
All Transmission users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-p2p/transmission-1.92"
Release date
June 01, 2010
Latest revision
June 01, 2010: 01
Severity
normal
Exploitable
remote
Bugzilla entries