Candidate: CVE-2016-5301
PublicDate: 2016-06-30 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5301
Description:
 The parse_chunk_header function in libtorrent before 1.1.1 allows remote
 attackers to cause a denial of service (crash) via a crafted (1) HTTP
 response or possibly a (2) UPnP broadcast.
Ubuntu-Description:
 It was discovered that libtorrent improperly handles chunked headers. A
 remote attacker could possibly use this to cause a crash resulting in a
 denial of service.
Notes:
Bugs:
 https://github.com/arvidn/libtorrent/issues/780
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826380
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_libtorrent-rasterbar:
 upstream: https://github.com/arvidn/libtorrent/pull/782
upstream_libtorrent-rasterbar: released (1.1.0-1)
precise_libtorrent-rasterbar: released (0.15.10-1+deb7u1build0.12.04.1)
precise/esm_libtorrent-rasterbar: DNE (precise was released [0.15.10-1+deb7u1build0.12.04.1])
trusty_libtorrent-rasterbar: ignored (reached end-of-life)
trusty/esm_libtorrent-rasterbar: DNE (trusty was needed)
vivid/stable-phone-overlay_libtorrent-rasterbar: DNE
vivid/ubuntu-core_libtorrent-rasterbar: DNE
wily_libtorrent-rasterbar: ignored (reached end-of-life)
xenial_libtorrent-rasterbar: ignored (end of standard support, was needed)
yakkety_libtorrent-rasterbar: ignored (reached end-of-life)
zesty_libtorrent-rasterbar: ignored (reached end-of-life)
artful_libtorrent-rasterbar: ignored (reached end-of-life)
bionic_libtorrent-rasterbar: not-affected (1.1.0-1)
cosmic_libtorrent-rasterbar: not-affected (1.1.0-1)
disco_libtorrent-rasterbar: not-affected (1.1.0-1)
eoan_libtorrent-rasterbar: not-affected (1.1.0-1)
focal_libtorrent-rasterbar: not-affected (1.1.0-1)
groovy_libtorrent-rasterbar: not-affected (1.1.0-1)
hirsute_libtorrent-rasterbar: not-affected
impish_libtorrent-rasterbar: not-affected
jammy_libtorrent-rasterbar: not-affected
devel_libtorrent-rasterbar: not-affected