Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
References
Link | Resource |
---|---|
http://www.ubuntu.com/usn/USN-2780-2 | Third Party Advisory |
https://github.com/miniupnp/miniupnp/blob/master/miniupnpc/Changelog.txt | Third Party Advisory |
http://www.ubuntu.com/usn/USN-2780-1 | Third Party Advisory |
http://talosintel.com/reports/TALOS-2015-0035/ | Exploit |
https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78 | Third Party Advisory |
http://www.debian.org/security/2015/dsa-3379 | Third Party Advisory |
http://www.securityfocus.com/bid/77306 | Third Party Advisory VDB Entry |
http://lists.opensuse.org/opensuse-updates/2015-11/msg00122.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/201801-08 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2015-11-02 11:59
Updated : 2019-06-18 05:13
NVD link : CVE-2015-6031
Mitre link : CVE-2015-6031
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
canonical
- ubuntu_linux
miniupnp_project
- miniupnpc
opensuse
- leap
- opensuse
debian
- debian_linux