Candidate: CVE-2017-9847
PublicDate: 2017-06-24 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9847
 https://github.com/arvidn/libtorrent/issues/2099
Description:
 The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote
 attackers to cause a denial of service (heap-based buffer over-read and
 application crash) via a crafted file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865845
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_libtorrent-rasterbar:
upstream_libtorrent-rasterbar: released (1.1.4-1)
precise/esm_libtorrent-rasterbar: DNE
trusty_libtorrent-rasterbar: ignored (reached end-of-life)
trusty/esm_libtorrent-rasterbar: DNE (trusty was needed)
vivid/ubuntu-core_libtorrent-rasterbar: DNE
xenial_libtorrent-rasterbar: ignored (end of standard support, was needed)
yakkety_libtorrent-rasterbar: ignored (reached end-of-life)
zesty_libtorrent-rasterbar: ignored (reached end-of-life)
artful_libtorrent-rasterbar: ignored (reached end-of-life)
bionic_libtorrent-rasterbar: not-affected (1.1.5-1build1)
cosmic_libtorrent-rasterbar: not-affected (1.1.5-1build1)
disco_libtorrent-rasterbar: not-affected (1.1.5-1build1)
eoan_libtorrent-rasterbar: not-affected (1.1.5-1build1)
focal_libtorrent-rasterbar: not-affected (1.1.5-1build1)
groovy_libtorrent-rasterbar: not-affected (1.1.5-1build1)
hirsute_libtorrent-rasterbar: not-affected
impish_libtorrent-rasterbar: not-affected
jammy_libtorrent-rasterbar: not-affected
devel_libtorrent-rasterbar: not-affected