CVE-2018-10756

Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.

References

Affected packages

Git / github.com/transmission/transmission

Affected ranges

Type: GIT
Repo: https://github.com/transmission/transmission
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2123adf8e5e1c2b48791f9d22fc8c747e974180e

Affected versions

0.*

0.5

0.6

0.7

0.80

1.*

1.06

1.10

1.11

1.20

1.21

1.22

1.31

1.32

1.40

1.60

1.61

1.70

1.71

1.72

1.73

1.74

1.80

1.80b5

1.81

1.82

1.83

1.90

1.91

2.*

2.00

2.10

2.11

2.12

2.13

2.20

2.20b1

2.20b2

2.20b3

2.20b4

2.21

2.30

2.30b1

2.30b2

2.30b3

2.30b4

2.31

2.32

2.33

2.40

2.40b1

2.40b2

2.40b3

2.50

2.50b1

2.51

2.52

2.60

2.61

2.70

2.71

2.72

2.73

2.74

2.80

2.81

2.82

2.83

2.90

2.91

2.92

2.93

2.94

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2018-10756-3e0a8003",
        "target": {
            "function": "nodeDestruct",
            "file": "libtransmission/variant.c"
        },
        "digest": {
            "length": 134.0,
            "function_hash": "194995719330406091812826183943619373024"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2018-10756-c2cb0d50",
        "target": {
            "file": "libtransmission/variant.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "205341425966775455266947803454072864342",
                "186298122512339726067490783789045647475",
                "241841024893850238989383601383399329181",
                "297769203373723619936908509348520953877",
                "16281207192845962926434539192494503102",
                "36661329408352694312598255970400150267",
                "165787236079533757607666994787189528202",
                "170735048636454511546035620715548904480",
                "196854580085047319841680633566985729845",
                "148621558390534263943533350062913747949",
                "237725762747458195177517906863083938719",
                "177690536450336511186038219104097524502",
                "190178365917296507824607380120311876405",
                "70417715182752542784090011700410117285",
                "19387239828159012246949123632929771867",
                "310215334520923315609818534253902234510",
                "120906795045880473082725910541673206916",
                "152960111655223256145355087776338936205",
                "281845614597655727281794179635007353388",
                "187469731113895534418159046986519023829",
                "164995996755799471948723899102297508332",
                "214147291582426748995512608869030643900",
                "89361456510166854025102894971283044538",
                "335857462444111579407503361944048457622",
                "28846016962681830002232241096011907321",
                "172493778502767576802886301696417933935"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2018-10756-eb8dba84",
        "target": {
            "function": "nodeConstruct",
            "file": "libtransmission/variant.c"
        },
        "digest": {
            "length": 771.0,
            "function_hash": "17388500939090276674131285024898318880"
        },
        "signature_type": "Function"
    }
]