Suggestions search

All statuses

Filter by:

With package: deluged

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2019-25585

6.2 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 2 months ago Activity log

Created suggestion 2 months ago

Deluge 1.3.15 Denial of Service via Webseeds Field

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash.

References

ExploitDB-46884 exploit
Official Product Homepage product
Product Reference product
VulnCheck Advisory: Deluge 1.3.15 Denial of Service via Webseeds Field third-party-advisory

Affected products

Deluge

==1.3.15

Matching in nixpkgs

pkgs.deluge

Torrent client

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0
nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.deluged

Torrent client

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0
nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.deluge-2_x

Torrent client

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0
nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.deluge-gtk

Torrent client

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0
nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.prometheus-deluge-exporter

Prometheus exporter for Deluge

nixos-unstable 2.4.1
- nixpkgs-unstable 2.4.1
- nixos-unstable-small 2.4.1
nixos-25.11 2.4.1
- nixos-25.11-small 2.4.1
- nixpkgs-25.11-darwin 2.4.1

pkgs.python312Packages.deluge-client

Lightweight pure-python rpc client for deluge

nixos-25.11 1.10.2
- nixos-25.11-small 1.10.2
- nixpkgs-25.11-darwin 1.10.2

pkgs.python313Packages.deluge-client

Lightweight pure-python rpc client for deluge

nixos-unstable 1.10.2
- nixpkgs-unstable 1.10.2
- nixos-unstable-small 1.10.2
nixos-25.11 1.10.2
- nixos-25.11-small 1.10.2
- nixpkgs-25.11-darwin 1.10.2

pkgs.python314Packages.deluge-client

Lightweight pure-python rpc client for deluge

nixos-unstable 1.10.2
- nixpkgs-unstable 1.10.2
- nixos-unstable-small 1.10.2

pkgs.home-assistant-component-tests.deluge

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.deluge

Open source home automation that puts local control and privacy first

nixos-unstable 2026.3.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.3.3

Package maintainers

@domenkozar Domen Kozar <domen@dev.si>
@ebzzry Rommel Martinez <ebzzry@ebzzry.io>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@ibizaman Pierre Penninckx <ibizapeanut@gmail.com>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@a-peirogon Andrés D'Infante <ainfanthe@gmail.com>

Untriaged

Permalink CVE-2019-25586

6.2 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 2 months ago Activity log

Created suggestion 2 months ago

Deluge 1.3.15 Denial of Service via URL Field

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash.