CVE-2008-0364 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0364): Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
The advisory and CVE entry state that versions prior to 6.0 (including our 5.0.9) might also be affected. I could not reproduce this issue with the exploits included with the advisory. Net-p2p, have you heard anything from upstream about this? Can you reproduce (maybe on x86)?
"on Windows allows remote attackers to cause a denial of service" Windows only?
Oh well, bittorrent-6.0 is based on utorrent, and this looks like it's from utorrent, so the Linux version (at least 5.0.x) is not affected.
I understood that that "on Windows" part was related to utorrent, which is only available on Windows. Luigi's advisory states: "Mac and Linux (both available only on BitTorrent) have not been tested". I can't reproduce this here, maybe you can confirm this, too?
(In reply to comment #3)
> Oh well, bittorrent-6.0 is based on utorrent, and this looks like it's from
> utorrent, so the Linux version (at least 5.0.x) is not affected.

Ok, thanks for the clarification.