CVE-2010-0012

Name of the Vulnerable Software and Affected Versions Transmission versions 1.22, 1.34, 1.75, and 1.76

Description The issue allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file. This is due to a directory traversal vulnerability in libtransmission/metainfo.c.

Recommendations For versions 1.22, 1.34, 1.75, and 1.76, consider restricting the handling of .torrent files to prevent exploitation until a patch is available. As a temporary workaround, consider disabling the functionality that processes .torrent files until a fix is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.