Vulnerability Description
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bittorrent | Bittorrent | <= 6.0 |
| Utorrent | Utorrent | <= 1.7.5 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/ruttorrent-adv.txtExploit
- http://aluigi.org/poc/ruttorrent.zip
- http://download.utorrent.com/1.7.6/utorrent-1.7.6.txt
- http://forum.utorrent.com/viewtopic.php?id=29330
- http://secunia.com/advisories/28533
- http://secunia.com/advisories/28537
- http://securityreason.com/securityalert/3554
- http://www.securityfocus.com/archive/1/486426/100/0/threaded
- http://www.securityfocus.com/bid/27321ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39719
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39720
- http://aluigi.altervista.org/adv/ruttorrent-adv.txtExploit
- http://aluigi.org/poc/ruttorrent.zip
- http://download.utorrent.com/1.7.6/utorrent-1.7.6.txt
- http://forum.utorrent.com/viewtopic.php?id=29330
FAQ
What is CVE-2008-0364?
CVE-2008-0364 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of servi...
How severe is CVE-2008-0364?
CVE-2008-0364 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0364?
Check the references section above for vendor advisories and patch information. Affected products include: Bittorrent Bittorrent, Utorrent Utorrent.