DOS Vulnerability in uTorrent and Bittorrent

Martin Brinkmann
Jan 17, 2008
Updated • Dec 2, 2012
File Sharing, Security

A vulnerability in uTorrent and Bittorrent, which is using uTorrent's core, was discovered today that effects the BitTorrent 6.0 client,
uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834. The Denial of Service vulnerability is made possible by the way the clients handle user data.

Basically said, uTorrent will crash if a user connects to it that sends a software version that is to long to be handled. This results in a crash of uTorrent. The attacker does not need to use Bittorrent at all to do that, a connection to the port that is being used by Bittorrent sending the to-long software version and a valid torrent hash is enough.

Code execution on the other hand is not possible. The uTorrent team reacted in less than one day and published a new version of their software 1.7.6 that handles the DOS vulnerability and three minor issues as well.

While it is not very likely that someone will actually exploit the vulnerability it is still advised to update immediately.

By default both the clients have the “Detailed Info” window active with the “General” section visible in it where are reported various informations about the status of the torrent and the trackers in use.

In this same window near “General” there is also the “Peers” section which is very useful since it showes many informations about the other connected clients like the percentage of availability of the shared torrent, their IP address, country, speed and amount of downloaded and uploaded data and moreover the version of their client (like “BitTorrent 6.0″, “Azureus″, “uTorrent 1.7.5″, “KTorrent 2.2.4″ and so on).

When this window is visualized by the user the unicode strings with the software versions of the connected clients are copied in the relative static buffers used for the visualization in the GUI through the wcscpy function.

If this string is too long a crash will occur immediately or in some cases (like on BitTorrent) could happen later or when the user watches the status of another torrent or leaves the “Peers” window. Code execution is not possible.

For exploiting the problem is enough that an external attacker connects to the random port opened on the client and sends the long client version and the SHA1 hash of the torrent currently in use and watched
on the target. Note that all these parameters (client IP, port and torrent’s hash) are
publicly available on the tracker.

Update: The vulnerability has been fixed officially. All you need to do is download the latest version form the official website or use the in-client update functionality to update uTorrent to the latest release version.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Pongpun said on August 9, 2020 at 9:24 am

    Join/push history/android

  2. sKz said on January 18, 2008 at 4:49 am

    Confirmed this bug works…
    But will not work with privte tracker, you need to copy the SHA-1 hash manually from the torretn page you are downloading.

    1. Yvette M Levine said on July 6, 2023 at 9:52 am

      Not consenting to data being shared

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.