VDB
CVE-2010-0012
CVE-2010-0012
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
EPSS 0.30% · 53.4th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
0.30%
53.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| opensuse | opensuse | 11.2, 11.1, 11.0 |
| debian | debian_linux | 5.0 |
| transmissionbt | transmission | 1.76, 1.22, 1.34 |
| n/a | n/a | n/a |
Timeline
- Jan 8, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- http://trac.transmissionbt.com/wiki/Changes#version-1.77 url
- [oss-security] 20100106 Re: CVE Request: Transmission mailing-list
- https://launchpad.net/bugs/500625 url
- http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz url
- http://trac.transmissionbt.com/changeset/9829/ url
- 38005 third-party-advisory
- ADV-2010-0071 vdb
- DSA-1967 vendor-advisory
- transmission-name-directory-traversal(55454) vdb
- [oss-security] 20100106 CVE Request: Transmission mailing-list
- 37993 third-party-advisory
- SUSE-SA:2010:008 vendor-advisory
- [debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64) mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2010-0012 advisory
- http://trac.transmissionbt.com/changeset/9829 url
- http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html url