Buffer overflow

Buffer overflow in the IGDstartelt function in igddescparse.c in the MiniUPnP client aka MiniUPnPc before 1.9.20150917 allows remote UPNP servers to cause a denial of service application crash and possibly execute arbitrary code via an "oversized" XML element name...

Debian DSA-3379-1 : miniupnpc - security update

Aleksandar Nikolic of Cisco Talos discovered a buffer overflow vulnerability in the XML parser functionality of miniupnpc, a UPnP IGD client lightweight library. A remote attacker can take advantage of this flaw to cause an application using the miniupnpc library to crash, or potentially to execu...

[SECURITY] [DSA 3379-1] miniupnpc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3379-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 25, 2015 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3379-1] miniupnpc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3379-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 25, 2015 https://www.debian.org/security/faq -...

DSA-3379-1 miniupnpc - security update

Bulletin has no description...

Debian Security Advisory DSA 3379-1 (miniupnpc - security update)

Aleksandar Nikolic of Cisco Talos discovered a buffer overflow vulnerability in the XML parser functionality of miniupnpc, a UPnP IGD client lightweight library. A remote attacker can take advantage of this flaw to cause an application using the miniupnpc library to crash, or potentially to execu...

Debian: Security Advisory (DSA-3379-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 15.10 : miniupnpc vulnerability (USN-2780-2)

USN-2780-1 fixed a vulnerability in the MiniUPnP library in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 15.04. This update provides the corresponding update for Ubuntu 15.10. Aleksandar Nikolic discovered a buffer overflow vulnerability in the XML parser functionality of the MiniUPnP library. ...

Ubuntu: Security Advisory (USN-2780-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : miniupnpc -- buffer overflow (06fefd2f-728f-11e5-a371-14dae9d210b8)

Talos reports : An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to...

Ubuntu: Security Advisory (USN-2280-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : MiniUPnPc vulnerability (USN-2280-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2280-1 advisory. It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc...

USN-2280-1 miniupnpc vulnerability

It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service...

USN-2280-1: MiniUPnPc vulnerability

It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service...

openSUSE Security Update : miniupnpc (openSUSE-SU-2014:0815-1)

miniupnpc was updated to 1.9 to fix a potential buffer overrun in miniwget.c CVE-2014-3985. Besides that the following issues were fixed : - added argument remoteHost to UPNPGetSpecificPortMappingEntry - increment APIVERSION to 10 - --help and -h arguments in upnpc.c - define MAXHOSTNAMELEN if no...

[oss-security] Re: CVE request: possible miniupnpc buffer overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It was pointed out in https://bugzilla.redhat.com/showbug.cgi?id=1085618 that miniupnpc version 1.9 fixes a possible buffer overflow: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9 On a related note ... in version...

Mandriva Linux Security Advisory : miniupnpc (MDVSA-2014:120)

Updated miniupnpc packages fix security vulnerability : The miniupnpc library before 1.9 may be vulnerable to a denial of service due to a buffer overrun that can be triggered by something on the network. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...

Fedora Update for miniupnpc FEDORA-2014-5903

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated miniupnpc packages fix a buffer overrun

Updated miniupnpc packages fix security vulnerability: The miniupnpc library before 1.9 may be vulnerable to a denial of service due to a buffer overrun that can be triggered by something on the network...

MGASA-2014-0224 Updated miniupnpc packages fix a buffer overrun

Updated miniupnpc packages fix security vulnerability: The miniupnpc library before 1.9 may be vulnerable to a denial of service due to a buffer overrun that can be triggered by something on the network...