oss-sec mailing list archives
CVE Request : Libtorrent 1.1.0 inflate_gzip denial of service
From: yi <yi () yshi me>
Date: Thu, 8 Sep 2016 00:22:55 +0200
Hi list,

I recently opened a bug on "Libtorrent 1.1.0" regarding malformed GZIP encoded responses that cause denial of service. For example, an attacker-controlled torrent tracker can crash victim torrent clients by sending malformed GZIP responses.

This bug has been fixed by the maintainer in master and the branch RC_1_1:

https://github.com/arvidn/libtorrent/issues/1021
https://github.com/arvidn/libtorrent/pull/1022

I also tested the bug with two "Libtorrent based" software packages: qBittorrent and Deluge. Both of them were affected and crashed on receiving the malformed response.