oss-sec mailing list archives
CVE-2026-57079 through CVE-2026-57082: Multiple vulnerabilities in Net::BitTorrent versions through 2.0.1 for Perl
From: Robert Rothenberg <rrwo () cpansec org>
Date: Tue, 30 Jun 2026 12:14:14 +0100
======================================================================== CVE-2026-57079 CPAN Security Group ======================================================================== CVE ID: CVE-2026-57079 Distribution: Net-BitTorrent Versions: through 2.0.1 MetaCPAN: https://metacpan.org/dist/Net-BitTorrent VCS Repo: https://github.com/sanko/Net-BitTorrent.pm Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata References ---------- https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-5wc6-r65f-62rr ======================================================================== CVE-2026-57080 CPAN Security Group ======================================================================== CVE ID: CVE-2026-57080 Distribution: Net-BitTorrent Versions: through 2.0.1 MetaCPAN: https://metacpan.org/dist/Net-BitTorrent VCS Repo: https://github.com/sanko/Net-BitTorrent.pm Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix References ---------- https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-7jr6-2jf4-6qc4 ======================================================================== CVE-2026-57081 CPAN Security Group ======================================================================== CVE ID: CVE-2026-57081 Distribution: Net-BitTorrent Versions: through 2.0.1 MetaCPAN: https://metacpan.org/dist/Net-BitTorrent VCS Repo: https://github.com/sanko/Net-BitTorrent.pm Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input References ---------- https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-mv44-v82p-89xv ======================================================================== CVE-2026-57082 CPAN Security Group ======================================================================== CVE ID: CVE-2026-57082 Distribution: Net-BitTorrent Versions: through 2.0.1 MetaCPAN: https://metacpan.org/dist/Net-BitTorrent VCS Repo: https://github.com/sanko/Net-BitTorrent.pm Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG References ---------- https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-g444-x2c5-94hc
Current thread:
- CVE-2026-57079 through CVE-2026-57082: Multiple vulnerabilities in Net::BitTorrent versions through 2.0.1 for Perl Robert Rothenberg (Jun 30)
