1343364 – (CVE-2016-5301) CVE-2016-5301 libtorrent: Crash while parsing invalid chunked HTTP or UPnP response

Bug 1343364 (CVE-2016-5301) - CVE-2016-5301 libtorrent: Crash while parsing invalid chunked HTTP or UPnP response

Summary: CVE-2016-5301 libtorrent: Crash while parsing invalid chunked HTTP or UPnP re...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2016-5301
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1343365 1343366
Blocks:
TreeView+	depends on / blocked

Reported:	2016-06-07 08:31 UTC by Andrej Nemec
Modified:	2019-09-29 13:50 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2016-08-10 20:43:48 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2016-06-07 08:31:01 UTC

A vulnerability was found in libtorrent. A specially crafted HTTP response from a tracker (or potentially a UPnP broadcast) can crash libtorrent in the parse_chunk_header() function.


Upstream bug:

https://github.com/arvidn/libtorrent/issues/780

Upstream fix:

https://github.com/arvidn/libtorrent/pull/782

Comment 1 Andrej Nemec 2016-06-07 08:31:44 UTC

Created libtorrent tracking bugs for this issue:

Affects: fedora-all [bug 1343365]
Affects: epel-all [bug 1343366]

Comment 2 Denis Fateyev 2016-08-10 20:43:48 UTC

This bug relates to a different project [1,2] which is also known as "Rasterbar Libtorrent". That project has nothing to do with Libtorrent by Rakshasa [3] which is provided by "libtorrent" package. The projects name similarity can be confusing indeed.

[1] https://github.com/arvidn/libtorrent

[2] http://libtorrent.org/

[3] https://github.com/rakshasa/libtorrent/

Note You need to log in before you can comment on or make changes to this bug.