The minissdpd daemon contains a improper validation of array index
vulnerability (CWE-129) when processing requests sent to the Unix
socket at /var/run/minissdpd.sock the Unix socket can be accessed
by an unprivileged user to send invalid request causes an
out-of-bounds memory access that crashes the minissdpd daemon.
For Debian 7 Wheezy, these issues have been fixed in minissdpd version 1.1.20120121-1+deb7u1
CPE | Name | Operator | Version |
---|---|---|---|
minissdpd | eq | 1.1.20120121-1 |