Stack-based Buffer Overflow in MiniUPnP HTTP Service
CVE-2013-0230

Currently unrated

Key Information:

Vendor

Miniupnp Project

Status
Miniupnpd
Vendor
CVE Published:
31 January 2013

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 65%

What is CVE-2013-0230?

A stack-based buffer overflow vulnerability exists in the ExecuteSoapAction function of the SOAPAction handler in the HTTP service of MiniUPnP MiniUPnPd 1.0. This security flaw allows remote attackers to exploit the vulnerability by sending specially crafted requests, which can lead to arbitrary code execution on the affected system. This vulnerability emphasizes the importance of proper input validation and memory management in software design and deployment.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-0230 - Proof of Concept

Metasploit exploit module for CVE-2013-0230
Created by Rapid7

References

https://community.rapid7.com/servlet/JiveServlet/download...
x_refsource_MISC
https://community.rapid7.com/servlet/servlet.FileDownload...
x_refsource_MISC
https://community.rapid7.com/community/infosec/blog/2013/...
x_refsource_MISC

EPSS Score

65% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.