Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) prior to 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
miniupnp project miniupnpc 1.9 |
||
miniupnp project miniupnpc |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 15.04 |
||
opensuse leap 42.1 |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |