Bittorrent Bittorrent 4.1.8

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

	Date	Alert	Description
5	2009-09-04	CVE-2008-7166	Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364.
9.3	2008-10-03	CVE-2008-4434	Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.
4.3	2008-06-16	CVE-2008-0071	The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.
5	2008-01-18	CVE-2008-0364	Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.

%	id	Name
75% (3)	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
25% (1)	CWE-20	Improper Input Validation

id	Description
47585	BitTorrent .torrent File created by Field Handling Overflow
47584	uTorrent .torrent File created by Field Handling Overflow
46213	BitTorrent Web UI Malformed HTTP Range Header DoS
46212	uTorrent Web UI Malformed HTTP Range Header DoS
42826	BitTorrent Web UI HTTP Request Range Header Processing DoS
42825	uTorrent Web UI HTTP Request Range Header Processing Overflow
40367	uTorrent Peer Window Client DoS
40366	BitTorrent Peer Window Client DoS