ReadyMedia (aka MiniDLNA) prior to 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
readymedia project readymedia |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |