Buffer Overflow in MiniUPnP Client Affects Multiple Platforms
CVE-2015-6031

Currently unrated

Key Information:

Vendor: Miniupnp Project
Status: Miniupnpc
Vendor: CVE Published:; 2 November 2015

🔔 Create Miniupnp Project Vulnerability Alert

What is CVE-2015-6031?

The MiniUPnP client contains a vulnerability in the IGDstartelt function, specifically within igd_desc_parse.c. This flaw allows remote UPnP servers to potentially compromise the application by sending oversized XML element names, leading to a denial of service through application crashes and opening the door for arbitrary code execution.

References

https://github.com/miniupnp/miniupnp/blob/master/miniupnp...

x_refsource_CONFIRM

https://security.gentoo.org/glsa/201801-08

vendor-advisoryx_refsource_GENTOO

http://www.debian.org/security/2015/dsa-3379

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2015
Vulnerability Reserved
Aug 14, 2015

CVE-2015-6031 Data

JSON