5
CVSSv2

CVE-2014-3985

Published: 11/09/2014 Updated: 28/09/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote malicious users to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

miniupnp project miniupnp 1.9

opensuse opensuse 12.3

opensuse opensuse 13.1

Vendor Advisories

MiniUPnPc could be made to crash if it received specially crafted network traffic ...
Debian Bug report logs - #748913 miniupnpc: CVE-2014-3985: Buffer overread in miniwget Package: miniupnpc; Maintainer for miniupnpc is Thomas Goirand <zigo@debianorg>; Source for miniupnpc is src:miniupnpc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 22 May 2014 08:54:01 UTC Sev ...