Published: 11/09/2014 Updated: 28/09/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote malicious users to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

miniupnp project miniupnp 1.9

opensuse opensuse 12.3

opensuse opensuse 13.1

Vendor Advisories

Debian Bug report logs - #748913 miniupnpc: CVE-2014-3985: Buffer overread in miniwget Package: miniupnpc; Maintainer for miniupnpc is Thomas Goirand <zigo@debianorg>; Source for miniupnpc is src:miniupnpc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 22 May 2014 08:54:01 UTC Sev ...
MiniUPnPc could be made to crash if it received specially crafted network traffic ...