CVE - CVE-2014-4909

CVE-ID
CVE-2014-4909	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20140710 CVE request: transmission peer communication vulnerability URL:http://www.openwall.com/lists/oss-security/2014/07/10/4 MLIST:[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability URL:http://www.openwall.com/lists/oss-security/2014/07/11/5 MISC:http://inertiawar.com/submission.go MISC:https://twitter.com/benhawkes/statuses/484378151959539712 CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=516822 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1118290 CONFIRM:https://trac.transmissionbt.com/wiki/Changes#version-2.84 DEBIAN:DSA-2988 URL:http://www.debian.org/security/2014/dsa-2988 FEDORA:FEDORA-2014-8331 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html SUSE:openSUSE-SU-2014:0980 URL:http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html UBUNTU:USN-2279-1 URL:http://www.ubuntu.com/usn/USN-2279-1 BID:68487 URL:http://www.securityfocus.com/bid/68487 OSVDB:108997 URL:http://www.osvdb.org/108997 SECUNIA:59897 URL:http://secunia.com/advisories/59897 SECUNIA:60108 URL:http://secunia.com/advisories/60108 SECUNIA:60527 URL:http://secunia.com/advisories/60527
Assigning CNA
N/A
Date Entry Created
20140711	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140711)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org