Published: 11/09/2014 Updated: 28/09/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote malicious users to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.

Vulnerable Product	Search on Vulmon	Subscribe to Product
miniupnp project miniupnp 1.9
opensuse opensuse 12.3
opensuse opensuse 13.1

Debian Bug report logs - #748913 miniupnpc: CVE-2014-3985: Buffer overread in miniwget Package: miniupnpc; Maintainer for miniupnpc is Thomas Goirand <zigo@debianorg>; Source for miniupnpc is src:miniupnpc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 22 May 2014 08:54:01 UTC Sev ...

MiniUPnPc could be made to crash if it received specially crafted network traffic ...

NVD-CWE-noinfo http://seclists.org/oss-sec/2014/q2/201 https://bugzilla.redhat.com/show_bug.cgi?id=1085618 http://www.securityfocus.com/bid/67152 http://seclists.org/oss-sec/2014/q2/496 https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9 http://lists.opensuse.org/opensuse-updates/2014-06/msg00039.html https://security.gentoo.org/glsa/201701-41 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748913 https://nvd.nist.gov https://usn.ubuntu.com/2280-1/https://www.securityfocus.com/bid/67152

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3985

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect