CVE-2018-10756

HIGH

Transmission < 3.00 - Use-After-Free via Crafted Torrent File

Title source: llm
STIX 2.1

Description

Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.

References (7)

Core 7
Core References
Exploit, Mitigation, Vendor Advisory x_refsource_misc
https://tomrichards.net/2020/05/cve-2018-10756-transmission/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202007-07
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html

Scores

CVSS v3 7.8
EPSS 0.0263
EPSS Percentile 83.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (5)
debian/debian_linux 8.0
debian/debian_linux 9.0
fedoraproject/fedora 31
fedoraproject/fedora 32
transmissionbt/transmission < 3.00
Published May 15, 2020
Tracked Since Feb 18, 2026