miniupnpc -- buffer overflow

2015-09-15T00:00:00
ID 06FEFD2F-728F-11E5-A371-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2015-10-14T00:00:00

Description

Talos reports:

An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability.