Denial of Service Vulnerability in MiniUPnP by MiniUPnP Project
CVE-2014-3985

Currently unrated

Key Information:

Vendor: Miniupnp Project
Status: Miniupnp
Vendor: CVE Published:; 11 September 2014

🔔 Create Miniupnp Project Vulnerability Alert

What is CVE-2014-3985?

The getHTTPResponse function in miniwget.c of MiniUPnP version 1.9 is susceptible to a denial of service attack. By sending specially crafted HTTP headers, a remote attacker can trigger an out-of-bounds read, leading to a crash of the application. This vulnerability exposes systems using this version of MiniUPnP to potential service disruptions, making it critical for users to apply patches or explore mitigation strategies.

References

http://www.securityfocus.com/bid/67152

vdb-entryx_refsource_BID

http://lists.opensuse.org/opensuse-updates/2014-06/msg000...

vendor-advisoryx_refsource_SUSE

https://security.gentoo.org/glsa/201701-41

vendor-advisoryx_refsource_GENTOO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2014
Vulnerability Reserved
Jun 6, 2014

CVE-2014-3985 Data

JSON