CVE-2015-5685 - Kacha Disadvantage

Description

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet related to \improper indexing.\

Reference

https://github.com/bittorrent/bootstrap-dht/commit/e809ea80e3527e32c40756eddd8b2ae44bc3af1a http://www.zerodayinitiative.com/advisories/ZDI-15-366/ http://www.zerodayinitiative.com/advisories/ZDI-15-367/