Lucene search

K

[email protected]NVD:CVE-2015-6031

HistoryNov 02, 2015 - 7:59 p.m.

CVE-2015-6031

2015-11-0219:59:14

CWE-119

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an “oversized” XML element name.

Affected configurations

NVD

Node

miniupnp_projectminiupnpcRange≤1.9

OR

miniupnp_projectminiupnpcMatch1.92014-02-03

OR

miniupnp_projectminiupnpcMatch1.92014-02-05

OR

miniupnp_projectminiupnpcMatch1.92014-05-15

OR

miniupnp_projectminiupnpcMatch1.92014-06-10

OR

miniupnp_projectminiupnpcMatch1.92014-07-01

OR

miniupnp_projectminiupnpcMatch1.92014-09-06

OR

miniupnp_projectminiupnpcMatch1.92014-09-11

OR

miniupnp_projectminiupnpcMatch1.92014-11-05

OR

miniupnp_projectminiupnpcMatch1.92014-11-13

OR

miniupnp_projectminiupnpcMatch1.92014-11-17

OR

miniupnp_projectminiupnpcMatch1.92015-04-27

OR

miniupnp_projectminiupnpcMatch1.92015-04-30

OR

miniupnp_projectminiupnpcMatch1.92015-05-22

OR

miniupnp_projectminiupnpcMatch1.92015-06-16

OR

miniupnp_projectminiupnpcMatch1.92015-07-15

OR

miniupnp_projectminiupnpcMatch1.92015-07-22

OR

miniupnp_projectminiupnpcMatch1.92015-07-23

OR

miniupnp_projectminiupnpcMatch1.92015-08-16

OR

miniupnp_projectminiupnpcMatch1.92015-08-27

OR

miniupnp_projectminiupnpcMatch1.92015-08-28

OR

miniupnp_projectminiupnpcMatch1.92015-09-15

Node

debiandebian_linuxMatch7.0

OR

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch12.04lts

OR

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch15.04

Node

opensuseleapMatch42.1

OR

opensuseopensuseMatch13.1

OR

opensuseopensuseMatch13.2

References

lists.opensuse.org/opensuse-updates/2015-11/msg00122.html

talosintel.com/reports/TALOS-2015-0035/

www.debian.org/security/2015/dsa-3379

www.securityfocus.com/bid/77306

www.ubuntu.com/usn/USN-2780-1

www.ubuntu.com/usn/USN-2780-2

github.com/miniupnp/miniupnp/blob/master/miniupnpc/Changelog.txt

github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78

security.gentoo.org/glsa/201801-08

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

Related for NVD:CVE-2015-6031

gentoo1 nessus6 debian2 cvelist1 archlinux1 threatpost1 prion1 cve1 freebsd1 openvas5 securityvulns2 talos1 debiancve1 ubuntu2 ubuntucve1 mageia1