Lucene search

[email protected]CVE-2014-3985

HistorySep 11, 2014 - 6:55 p.m.

CVE-2014-3985

2014-09-1118:55:06

[email protected]

web.nvd.nist.gov

cve

2014

3985

miniupnp

gethttpresponse

denial of service

vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.6%

JSON

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.

Affected configurations

NVD

Node

miniupnp_projectminiupnpMatch1.9

Node

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

CPENameOperatorVersion
miniupnp_project:miniupnpminiupnp project miniupnpeq1.9

CPE	Name	Operator	Version
miniupnp_project:miniupnp	miniupnp project miniupnp	eq	1.9

References

lists.opensuse.org/opensuse-updates/2014-06/msg00039.html

seclists.org/oss-sec/2014/q2/201

seclists.org/oss-sec/2014/q2/496

www.securityfocus.com/bid/67152

bugzilla.redhat.com/show_bug.cgi?id=1085618

github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9

security.gentoo.org/glsa/201701-41

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.6%

JSON

Related for CVE-2014-3985

openvas1 securityvulns2 nvd1 gentoo1 nessus4 ubuntucve1 ubuntu1 debiancve1 prion1 cvelist1