Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2017-8798

Published: 11/05/2017 Updated: 30/04/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Miniupnpd

Vulnerability Summary

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote malicious users to cause a denial of service or possibly have unspecified other impact.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

miniupnp project miniupnpd 1.5

miniupnp project miniupnpd 1.8

miniupnp project miniupnpd 1.9

miniupnp project miniupnpd 2.0

miniupnp project miniupnpd 1.4

miniupnp project miniupnpd 1.7

Vendor Advisories

Debian CVElist Bug Report Logs: miniupnpc: CVE-2017-8798: miniupnp integer signedness error
Debian Bug report logs - #862273 miniupnpc: CVE-2017-8798: miniupnp integer signedness error Package: src:miniupnpc; Maintainer for src:miniupnpc is Thomas Goirand <zigo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 10 May 2017 14:27:01 UTC Severity: grave Tags: patch, security, upstre ...
Ubuntu Security Notice: miniupnpc vulnerability
MiniUPnP could be made to crash or run programs if it received specially crafted network traffic ...
Ubuntu Security Notice: miniupnpc vulnerability
MiniUPnP could be made to crash or run programs if it received specially crafted network traffic ...
Arch Linux Issues:
Integer signedness error in MiniUPnP MiniUPnPc v1420101221 through v20 allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

Exploits

Exploit DB: MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service
VuNote ====== Author: &lt;githubcom/tintinweb&gt; Ref: githubcom/tintinweb/pub/tree/master/pocs/cve-2017-8798 Version: 06 Date: May 1st, 2017 Tag: miniupnpc getHTTPResponse chunked encoding integer signedness error Overview -------- Name: miniupnpc Vendor: Thoma ...
Exploit DB: miniupnpc 2.0.20170421 Denial Of Service
miniupnpc suffers from an integer signedness error when parsing a chunked encoded http response ...

Github Repositories

https://github.com/guhe120/upnp

miniupnpc xml parser oob read vulnerability

Description: When miniupnpc parses a xml, it fails to check the end of the xml buffer, which could lead to read out of bounds of the buffer This can cause DOS or information leak In function void parseelt(struct xmlparser * p): if(memcmp(p-&gt;xml, "&lt;![CDATA[", 9) == 0) // (1) Failed to do bound check prior to "memcmp" here { /* C

References

CWE-119https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798http://miniupnp.free.fr/files/changelog.php?file=miniupnpc-2.0.20170509.tar.gzhttps://lists.debian.org/debian-lts-announce/2020/04/msg00027.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862273https://nvd.nist.govhttps://usn.ubuntu.com/3298-2/https://www.exploit-db.com/exploits/43501/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook