CVE-2014-8509

BitTorrent bootstrap-dht - Remote Code Execution via Crafted Packet

Title source: llm
STIX 2.1

Description

The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing."

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-370/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70812

Scores

EPSS 0.0512
EPSS Percentile 91.4%

Details

CWE
CWE-119
Status published
Products (1)
bittorrent/bootstrap-dht
Published Oct 31, 2014
Tracked Since Feb 18, 2026