Bug 208854 - net-libs/rb_libtorrent < 0.12.1 "bdecode_recursive()" Stack Overflow Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/28699/
Whiteboard: B3 [noglsa]
Reported: 2008-02-04 14:39 UTC by Tobias Heinlein (RETIRED)
Modified: 2008-02-23 18:12 UTC

Description Tobias Heinlein (RETIRED) gentoo-dev 2008-02-04 14:39:50 UTC
Secunia:

A vulnerability has been reported in Rasterbar Software libtorrent, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "bdecode_recursive()" function in include/libtorrent/bencode.hpp when processing certain bencoded data. This can be exploited to cause a stack overflow and crash an application using the library by sending specially crafted bencoded messages.

The vulnerability is reported in versions prior to 0.12.1.

Solution:
Update to version 0.12.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://libtorrent.svn.sourceforge.net...p?r1=956&r2=1968&pathrev=1968
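
Added example (not part of the original report, the Secunia advisory, or libtorrent's own code): a C++ bencode validator that carries an explicit nesting depth and rejects input past a cap, the usual way to keep a recursive decoder like the one described above from exhausting the stack. It assumes the overflow comes from unbounded recursion on nested lists and dictionaries; kMaxDepth, skip_value and bencode_ok are names chosen for this example.

```cpp
#include <cstddef>
#include <string>
// Added example, not libtorrent code. kMaxDepth is a value chosen here.
constexpr int kMaxDepth = 100;

static bool is_digit(char c) { return c >= '0' && c <= '9'; }
// Validates one bencoded value at pos and advances pos past it.
// Returns false on malformed input or nesting deeper than kMaxDepth.
bool skip_value(const std::string& in, std::size_t& pos, int depth) {
    if (depth > kMaxDepth || pos >= in.size()) return false;
    const char c = in[pos];
    if (c == 'i') {                              // integer: i<digits>e
        std::size_t p = pos + 1;
        if (p < in.size() && in[p] == '-') ++p;
        const std::size_t first = p;
        while (p < in.size() && is_digit(in[p])) ++p;
        if (p == first || p >= in.size() || in[p] != 'e') return false;
        pos = p + 1;
        return true;
    }
    if (c == 'l' || c == 'd') {                  // container: recurse per element
        ++pos;
        while (pos < in.size() && in[pos] != 'e') {
            if (c == 'd' && !is_digit(in[pos])) return false;  // keys are strings
            if (!skip_value(in, pos, depth + 1)) return false; // item or key
            if (c == 'd' && !skip_value(in, pos, depth + 1)) return false; // value
        }
        if (pos >= in.size()) return false;      // missing terminating 'e'
        ++pos;
        return true;
    }
    if (is_digit(c)) {                           // string: <len>:<bytes>
        std::size_t len = 0;
        while (pos < in.size() && is_digit(in[pos])) {
            len = len * 10 + static_cast<std::size_t>(in[pos++] - '0');
            if (len > in.size()) return false;   // longer than the whole input
        }
        if (pos >= in.size() || in[pos] != ':') return false;
        ++pos;
        if (len > in.size() - pos) return false; // truncated string
        pos += len;
        return true;
    }
    return false;                                // unknown type byte
}
// True only if the whole buffer is exactly one well-formed, bounded value.
bool bencode_ok(const std::string& in) {
    std::size_t pos = 0;
    return skip_value(in, pos, 0) && pos == in.size();
}
```

Running untrusted messages through a check of this kind before full decoding bounds stack use by the cap rather than by the sender's input.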
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2008-02-04 14:44:02 UTC
Ebuild is already in the tree. Arches, please stabilize net-libs/rb_libtorrent-0.12.1, target keywords are: "amd64 x86 ~x86-fbsd".
Comment 2 Dawid Węgliński (RETIRED) gentoo-dev 2008-02-04 15:32:13 UTC
x86 stable
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-02-05 13:17:31 UTC
Adding release@
Comment 4 Samuli Suominen (RETIRED) gentoo-dev 2008-02-05 15:48:04 UTC
amd64 stable
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-10 14:54:19 UTC
This one is ready for GLSA vote. I vote NO.
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-10 15:38:04 UTC
voting NO too, and closing.
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-02-23 18:12:35 UTC
Fixed in release snapshot.