CVE-2023-33476

Published: 02/06/2023 Updated: 25/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. As a result, code that runs later uses attacker-controlled chunk values that exceed the length of the allocated buffer, leading to out-of-bounds read/write.

Vulnerable Product

readymedia project readymedia

Vendor Advisories

Debian Bug report logs - #1037052 minidlna: CVE-2023-33476. Package: src:minidlna; Maintainer for src:minidlna is Alexander GQ Gerasiov <gq@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 2 Jun 2023 21:27:02 UTC; Severity: grave; Tags: security, upstream; Found in version minidlna/1.3.2+df ...

A heap-based buffer overflow vulnerability was found in the HTTP chunk parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may result in denial of service or the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed in version 1.3.0+dfsg-2+deb11u2. For the stable distribution (bookworm), ...

Github Repositories

Exploits for a heap overflow in MiniDLNA <=1.3.2 (CVE-2023-33476)

CVE-2023-33476: ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/wri