CVE-2016-3179

2017-03-2415:59:00

Google

osv.dev

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling.

CPENameOperatorVersion
miniupnpeqminiupnpd_1_8
miniupnpeqminiupnpc_1_7
miniupnpeqminissdpd_1_2
miniupnpeqminiupnpc_1_8
miniupnpeqminiupnpd_1_7

Name	Operator	Version
miniupnp	eq	miniupnpd_1_8
miniupnp	eq	miniupnpc_1_7
miniupnp	eq	minissdpd_1_2
miniupnp	eq	miniupnpc_1_8
miniupnp	eq	miniupnpd_1_7

References

speirofr.appspot.com/files/advisory/SPADV-2016-02.md

www.openwall.com/lists/oss-security/2016/03/16/13

bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759

github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a