CVE - CVE-2014-4909

CVE-ID
CVE-2014-4909	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:68487 URL:http://www.securityfocus.com/bid/68487 CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=516822 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1118290 CONFIRM:https://trac.transmissionbt.com/wiki/Changes#version-2.84 DEBIAN:DSA-2988 URL:http://www.debian.org/security/2014/dsa-2988 FEDORA:FEDORA-2014-8331 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html MISC:http://inertiawar.com/submission.go MISC:https://twitter.com/benhawkes/statuses/484378151959539712 MLIST:[oss-security] 20140710 CVE request: transmission peer communication vulnerability URL:http://www.openwall.com/lists/oss-security/2014/07/10/4 MLIST:[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability URL:http://www.openwall.com/lists/oss-security/2014/07/11/5 OSVDB:108997 URL:~~http://www.osvdb.org/108997~~ (Obsolete source) SECUNIA:59897 URL:http://secunia.com/advisories/59897 SECUNIA:60108 URL:http://secunia.com/advisories/60108 SECUNIA:60527 URL:http://secunia.com/advisories/60527 SUSE:openSUSE-SU-2014:0980 URL:http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html UBUNTU:USN-2279-1 URL:http://www.ubuntu.com/usn/USN-2279-1
Assigning CNA
MITRE Corporation
Date Record Created
20140711	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140711)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)