Published: 02/11/2015 Updated: 18/06/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) prior to 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
miniupnp project miniupnpc 1.9
miniupnp project miniupnpc
debian debian linux 7.0
debian debian linux 8.0
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 15.04
opensuse leap 42.1
opensuse opensuse 13.1
opensuse opensuse 13.2

Debian Bug report logs - #802650 miniupnpc: CVE-2015-6031: Buffer overflow vulnerability in XML parser functionality Package: src:miniupnpc; Maintainer for src:miniupnpc is Thomas Goirand <zigo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 22 Oct 2015 06:30:02 UTC Severity: grave Tags: ...

An application using the MiniUPnP library could be made to crash or run programs as your login if it received specially crafted network traffic ...

CWE-119 http://www.ubuntu.com/usn/USN-2780-2 https://github.com/miniupnp/miniupnp/blob/master/miniupnpc/Changelog.txt http://www.ubuntu.com/usn/USN-2780-1 http://talosintel.com/reports/TALOS-2015-0035/https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78 http://www.debian.org/security/2015/dsa-3379 http://www.securityfocus.com/bid/77306 http://lists.opensuse.org/opensuse-updates/2015-11/msg00122.html https://security.gentoo.org/glsa/201801-08 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802650 https://nvd.nist.gov https://usn.ubuntu.com/2780-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-6031

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect