CVE-2015-6031

2015-11-0219:59:00

CWE-119

[email protected]

web.nvd.nist.gov

miniupnp

buffer overflow

cve-2015-6031

remote attackers

denial of service

arbitrary code

xml element

nvd

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.8%

JSON

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an “oversized” XML element name.

CPENameOperatorVersion
miniupnp_project:miniupnpcminiupnp project miniupnpcle1.9
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
miniupnp_project:miniupnpc	miniupnp project miniupnpc	le	1.9
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	7.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2