CVE-2019-25585
Received Received - Intake
Denial of Service via Buffer Overflow in Deluge Webseeds Field

Publication date: 2026-03-22

Last updated on: 2026-03-24

Assigner: VulnCheck

Description
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-03-24
Generated
2026-05-07
AI Q&A
2026-03-22
EPSS Evaluated
2026-05-05
NVD
CVE-2019-25585
EUVD
EUVD-2019-19912
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
deluge-torrent deluge 1.3.15
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1260 The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2019-25585 is a denial of service (DoS) vulnerability in Deluge version 1.3.15. It occurs because the application improperly handles an excessively long string input in the Webseeds field during torrent creation.

An attacker can supply a buffer of 5000 bytes into the Webseeds field, which causes the application to crash. This is essentially a buffer overflow issue that leads to the application becoming unavailable.

The vulnerability was demonstrated by using a Python script to generate a large payload string, which when pasted into the Webseeds field, triggers the crash.


How can this vulnerability impact me? :

This vulnerability can impact you by causing the Deluge application to crash, resulting in a denial of service condition.

Since the attack requires local access and no privileges or user interaction, an attacker with local access can disrupt the availability of the application.

The impact is specifically on availability, meaning users will be unable to use the Deluge client while it is crashed.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition on the Deluge 1.3.15 application by supplying an excessively long string in the Webseeds field during torrent creation.'}, {'type': 'list_item', 'content': 'Run a Python script to generate a payload consisting of 5000 repetitions of the character \'A\' ("\\x41" * 5000).'}, {'type': 'list_item', 'content': 'Write this payload to a file (e.g., deluge_web.txt) and copy its content to the clipboard.'}, {'type': 'list_item', 'content': 'Launch the Deluge executable (deluge.exe).'}, {'type': 'list_item', 'content': "Navigate to 'File' > 'Create Torrent' in the application."}, {'type': 'list_item', 'content': "Paste the large payload string into the 'Webseeds' input field."}, {'type': 'paragraph', 'content': 'If the application crashes upon pasting the oversized input, the vulnerability is present.'}] [1]


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart