Denial of Service Vulnerability in MiniSSDPd by MiniUPnP
CVE-2016-3179

5.5MEDIUM

Key Information:

Vendor

Miniupnp Project

Status
Minissdpd
Vendor
CVE Published:
24 March 2017

What is CVE-2016-3179?

The processRequest function in minissdpd.c of MiniSSDPd version 1.2.20130907-3 has a flaw that allows local users to trigger a denial of service condition. This issue arises from improper error handling, which can lead to an invalid memory free operation and subsequently cause the daemon to crash. Effective mitigation requires thorough validation of array indices to prevent crashes due to erroneous input.

References

http://www.openwall.com/lists/oss-security/2016/03/16/13
mailing-listx_refsource_MLIST
https://github.com/miniupnp/miniupnp/commit/140ee8d2204b3...
x_refsource_CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.