Primary

Context

Deluge Denial-of-Service Vulnerability via Webseeds Field

Vulnerability

A denial-of-service vulnerability has been identified in Deluge version 1.3.15. This issue allows local attackers to crash the application by entering an excessively long string, specifically a 5000-byte buffer, into the Webseeds field while creating a torrent. The application crash is triggered when the buffer exceeds the field's capacity.

Impact

Exploitation of this vulnerability leads to a crash of the Deluge application, causing a denial-of-service condition where the application becomes unresponsive or unavailable.

Reproduction

To reproduce this vulnerability, first create a text file containing a 5000-byte buffer. This can be done using a simple Python script that writes the buffer into a text file. After preparing the buffer, open Deluge and select 'File' > 'Create Torrent'. In the 'Webseeds' field, paste the content from the clipboard, which should include the 5000-byte buffer. Once pasted, the application will crash, demonstrating the denial-of-service vulnerability.

Added: Mar 22, 2026, 1:19 AM

Updated: Mar 22, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

4.8

remediation

0.0

relevance

4.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

4.8

remediation

0.0

relevance

4.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Deluge Denial-of-Service Vulnerability via Webseeds Field

Vulnerability

Impact

Reproduction

Affected Products

Deluge

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating