oss-sec mailing list archives

CVE Request : Libtorrent 1.1.0 inflate_gzip denial of service

From: yi <yi () yshi me>
Date: Thu, 8 Sep 2016 00:22:55 +0200

Hi list,

I recently opened a bug on "Libtorrent 1.1.0" regarding malformed GZIP
encoded responses that causes  denial of service.

For example, an attacker-controlled torrent tracker can crash victim torrent 
clients by sending malformed GZIP responses.

This bug has been fixed by the maintainer in master and the branch RC_1_1:

https://github.com/arvidn/libtorrent/issues/1021

https://github.com/arvidn/libtorrent/pull/1022

I also tested the bug with two "Libtorrent based" softwares :
qBittorrent and Deluge. Both of them were affected and crashed on
receiving the malformed response.

Attachment: 0x0443D821.asc
Description:

Current thread:

CVE Request : Libtorrent 1.1.0 inflate_gzip denial of service yi (Sep 07)
- Re: CVE Request : Libtorrent 1.1.0 inflate_gzip denial of service cve-assign (Sep 07)