Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2020-28926

Published: 30/11/2020 Updated: 06/08/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Readymedia

Vulnerability Summary

ReadyMedia (aka MiniDLNA) prior to 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

readymedia project readymedia

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian CVElist Bug Report Logs: minidlna: CVE-2020-28926
Debian Bug report logs - #976595 minidlna: CVE-2020-28926 Package: src:minidlna; Maintainer for src:minidlna is Alexander GQ Gerasiov <gq@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 5 Dec 2020 15:51:01 UTC Severity: grave Tags: security, upstream Found in versions minidlna/121+df ...
Debian Security Advisories: DSA-4806-1 minidlna -- security update
It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code In addition minidlna was susceptible to the CallStranger UPnP vulnerability For the stable distribution (buster), these problems have been fixed in version 121+dfsg-2+deb10u1 We recommend that you upgra ...
Arch Linux Issues:
ReadyMedia (aka MiniDLNA) before versions 130 allows remote code execution Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove ...

Github Repositories

https://github.com/lorsanta/exploit-CVE-2020-28926

exploit-CVE-2020-28926 Reference wwwrootshellsecuritynet/remote-heap-corruption-bug-discovery-minidlna/ Build Copy the folder containing minidlna-121 source and run build_and_runsh

References

CWE-120https://sourceforge.net/projects/minidlna/https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/https://www.debian.org/security/2020/dsa-4806https://lists.debian.org/debian-lts-announce/2020/12/msg00017.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976595https://nvd.nist.govhttps://www.debian.org/security/2020/dsa-4806
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2024-34490SQL injectionCVE-2024-34488CVE-2024-4507CVE-2023-7028CVE-2024-23187TCPCVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook