CVE-2016-5301

Priority
Description
The parse_chunk_header function in libtorrent before 1.1.1 allows remote
attackers to cause a denial of service (crash) via a crafted (1) HTTP
response or possibly a (2) UPnP broadcast.
Ubuntu-Description
It was discovered that libtorrent improperly handles chunked headers. A
remote Attacker could possibly use this to cause a crash resulting in a
denial of service.
Notes
Package
Upstream:released (1.1.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [0.15.10-1+deb7u1build0.12.04.1])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.1.0-1)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (1.1.0-1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (1.1.0-1)
Patches:
Upstream:https://github.com/arvidn/libtorrent/pull/782
More Information

Updated: 2020-09-09 20:50:21 UTC (commit b67d7d8b03f173f825cd706df5bd078bca500b0e)