Denial of Service Vulnerability in MiniSSDPd by MiniUPnP
CVE-2016-3178

5.5MEDIUM

Key Information:

Vendor

Miniupnp Project

Status
Minissdpd
Vendor
CVE Published:
24 March 2017

What is CVE-2016-3178?

The MiniSSDPd processRequest function is susceptible to a denial of service attack due to improper validation of memory access. An attacker with local access can exploit this vulnerability by sending specific requests that include a negative length value, leading to an out-of-bounds memory access and causing the daemon to crash. This vulnerability highlights the need for robust input validation to prevent such weaknesses, ensuring that applications remain secure against local threats.

References

http://www.openwall.com/lists/oss-security/2016/03/16/13
mailing-listx_refsource_MLIST
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759
x_refsource_CONFIRM
http://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.