Vulnerability Details CVE-2015-5685
The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 90.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.zerodayinitiative.com/advisories/ZDI-15-366/
- http://www.zerodayinitiative.com/advisories/ZDI-15-367/
- https://github.com/bittorrent/bootstrap-dht/commit/e809ea80e3527e32c40756eddd8b2ae44bc3af1a
- http://www.zerodayinitiative.com/advisories/ZDI-15-366/
- http://www.zerodayinitiative.com/advisories/ZDI-15-367/
- https://github.com/bittorrent/bootstrap-dht/commit/e809ea80e3527e32c40756eddd8b2ae44bc3af1a
Products affected by CVE-2015-5685
-
cpe:2.3:a:bittorrent:bootstrap-dht:-