CVE-2009-1760
libtorrent-rasterbar - denial of service
EPSS 0.84%
Description
Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.
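The check this class of bug calls for, as an added example (not libtorrent's code and not its actual patch): each string in a multi-file entry's path list is validated before being joined under the download directory. The function names and the Windows drive-prefix rule are assumptions made for illustration.

```cpp
// Added example: validate the "path" list of one entry in a multi-file
// torrent's "files" list before joining it onto the save directory.
// Hypothetical helper names; not taken from libtorrent.
#include <string>
#include <vector>

// A path element must be a plain file or directory name.
bool is_safe_element(const std::string& e) {
    if (e.empty() || e == "." || e == "..") return false;
    for (unsigned char c : e) {
        // Separators would hide extra components inside one element;
        // control bytes (including NUL) can truncate or confuse paths.
        if (c == '/' || c == '\\' || c < 0x20) return false;
    }
    // Assumption: the client may run on Windows, where an element
    // such as "C:" or "C:x" is resolved outside the save directory.
    if (e.size() >= 2 && e[1] == ':') return false;
    return true;
}

// Builds the relative path to create under the save directory.
// Returns false (and leaves `out` empty) if any element is unsafe,
// in which case the caller should reject the whole torrent.
bool safe_relative_path(const std::vector<std::string>& elements,
                        std::string& out) {
    out.clear();
    if (elements.empty()) return false;
    std::string joined;
    for (const std::string& e : elements) {
        if (!is_safe_element(e)) return false;
        if (!joined.empty()) joined += '/';
        joined += e;
    }
    out = joined;
    return true;
}
```

Rejecting the torrent outright, rather than silently stripping the offending elements, avoids two different entries collapsing onto the same file name.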
How to fix CVE-2009-1760
To remediate CVE-2009-1760, upgrade the affected package to one of the fixed versions listed below.
- Debian/libtorrent-rasterbar—upgrade to 0.14.4-1 or later
- —upgrade to 0.13.1-2+lenny1 or later
Is CVE-2009-1760 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.14.4-1
- from 0, < 0.13.1-2+lenny1