7.5
CVSSv2

CVE-2017-8798

Published: 11/05/2017 Updated: 30/04/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote malicious users to cause a denial of service or possibly have unspecified other impact.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

miniupnp project miniupnpd 1.5

miniupnp project miniupnpd 1.8

miniupnp project miniupnpd 1.9

miniupnp project miniupnpd 2.0

miniupnp project miniupnpd 1.4

miniupnp project miniupnpd 1.7

Vendor Advisories

MiniUPnP could be made to crash or run programs if it received specially crafted network traffic ...
MiniUPnP could be made to crash or run programs if it received specially crafted network traffic ...
Debian Bug report logs - #862273 miniupnpc: CVE-2017-8798: miniupnp integer signedness error Package: src:miniupnpc; Maintainer for src:miniupnpc is Thomas Goirand <zigo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 10 May 2017 14:27:01 UTC Severity: grave Tags: patch, security, upstre ...
Integer signedness error in MiniUPnP MiniUPnPc v1420101221 through v20 allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

Exploits

VuNote ====== Author: <githubcom/tintinweb> Ref: githubcom/tintinweb/pub/tree/master/pocs/cve-2017-8798 Version: 06 Date: May 1st, 2017 Tag: miniupnpc getHTTPResponse chunked encoding integer signedness error Overview -------- Name: miniupnpc Vendor: Thoma ...

Mailing Lists

miniupnpc suffers from an integer signedness error when parsing a chunked encoded http response ...

Github Repositories

miniupnpc xml parser oob read vulnerability

Description: When miniupnpc parses a xml, it fails to check the end of the xml buffer, which could lead to read out of bounds of the buffer This can cause DOS or information leak In function void parseelt(struct xmlparser * p): if(memcmp(p->xml, "<![CDATA[", 9) == 0) // (1) Failed to do bound check prior to "memcmp" here { /* C