Denial of Service Vulnerability in miniupnpd by MiniUPnP
CVE-2017-1000494

7.8HIGH

Key Information:

Vendor

Miniupnp Project

Status
Miniupnpd
Vendor
CVE Published:
3 January 2018

What is CVE-2017-1000494?

This vulnerability in miniupnpd prior to version 2.0 stems from an uninitialized stack variable in the NameValueParserEndElt function located in upnpreplyparse.c. Malicious actors can exploit this issue to trigger a Denial of Service condition, which may result in segmentation faults and potential memory corruption. The exploitation of this vulnerability can disrupt the normal functions of the affected software, making it critical for administrators to apply patches and updates promptly.

References

https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86...
x_refsource_CONFIRM
https://usn.ubuntu.com/3562-1/
vendor-advisoryx_refsource_UBUNTU
https://github.com/miniupnp/miniupnp/issues/268
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.