Description
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash.
Published: 2026-03-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability exists in Deluge 1.3.15 where an attacker can cause a crash by entering an overly long string into the Webseeds field during torrent creation. This trigger leads to a denial of service that terminates the application process. The weakness involves a buffer overrun, categorized as CWE-1260, and it affects availability by interrupting service.

Affected Systems

Deluge is a cross‑platform torrent client. The affected version is 1.3.15 released by the project's development team. Users running this exact release on any supported platform are impacted. No other versions are listed as vulnerable.

Risk and Exploitability

The CVSS v3 score of 6.9 indicates medium severity. EPSS data is not available, and the vulnerability is not in CISA's KEV catalog. The attack appears to be local, requiring the attacker to have access to the host to input the malicious torrent file. Given the local nature and lack of remote code execution, the risk is primarily service disruption, but the medium score suggests that a determined local adversary could reliably bring the application down.

Generated by OpenCVE AI on March 22, 2026 at 01:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of Deluge
  • If an upgrade is not immediately possible, avoid using the Webseeds field with excessively large values
  • Monitor the application for repeated crashes and apply any available patches as soon as they become available

Generated by OpenCVE AI on March 22, 2026 at 01:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 22 Mar 2026 00:30:00 +0000

Type Values Removed Values Added
Description Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash.
Title Deluge 1.3.15 Denial of Service via Webseeds Field
First Time appeared Deluge-torrent
Deluge-torrent deluge
Weaknesses CWE-1260
CPEs cpe:2.3:a:deluge-torrent:deluge:1.3.15:*:*:*:*:*:*:*
Vendors & Products Deluge-torrent
Deluge-torrent deluge
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Deluge-torrent Deluge
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T14:29:22.920Z

Reserved: 2026-03-21T16:45:51.670Z

Link: CVE-2019-25585

cve-icon Vulnrichment

Updated: 2026-03-24T14:29:08.045Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-22T01:16:56.497

Modified: 2026-03-24T14:42:41.500

Link: CVE-2019-25585

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:54Z

Weaknesses