CVE-2018-10756
HIGH
Transmission < 3.00 - Use-After-Free via Crafted Torrent File
Title source: llm
Description
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
References (7)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e
Exploit, Mitigation, Vendor Advisory x_refsource_misc
https://tomrichards.net/2020/05/cve-2018-10756-transmission/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202007-07
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html
Scores
CVSS v3: 7.8
EPSS: 0.0263
EPSS Percentile: 83.7%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-416
Status: published
Products (5)
debian/debian_linux 8.0
debian/debian_linux 9.0
fedoraproject/fedora 31
fedoraproject/fedora 32
transmissionbt/transmission < 3.00
Published: May 15, 2020
Tracked Since: Feb 18, 2026