CVE-2020-8437

HIGH

BitTorrent uTorrent <3.5.5 - DoS

Title source: llm

Description

The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.

Exploits (2)

nomisec STUB 11 stars

by mavlevin · poc

https://github.com/mavlevin/uTorrent-CVE-2020-8437

View Code ZIP pw:eip

inthewild STUB

poc

https://github.com/guywhataguy/utorrent-cve-2020-8437

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://blog.whtaguy.com/2020/09/utorrent-cve-2020-8437-vulnerability.html

[Vendor Advisory] https://forum.utorrent.com/forum/13-announcements/

[Third Party Advisory] https://twitter.com/va_start

[Release Notes, Vendor Advisory] https://utclient.utorrent.com/offers/beta_release_notes/release_notes.html

Scores

CVSS v3 7.5

EPSS 0.1816

EPSS Percentile 95.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (1)

bittorrent/utorrent < 3.5.5

Published Mar 02, 2020

Tracked Since Feb 18, 2026