Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-33476
HistoryJun 02, 2023 - 12:00 a.m.

CVE-2023-33476

2023-06-0200:00:00
ubuntu.com
ubuntu.com
5
readymedia minidlna buffer overflow http requests out-of-bounds read/write.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

51.7%

ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to
Buffer Overflow. The vulnerability is caused by incorrect validation logic
when handling HTTP requests using chunked transport encoding. This results
in other code later using attacker-controlled chunk values that exceed the
length of the allocated buffer, resulting in out-of-bounds read/write.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchminidlna< 1.2.1+dfsg-1ubuntu0.18.04.1+esm1UNKNOWN
ubuntu20.04noarchminidlna< 1.2.1+dfsg-1ubuntu0.20.04.2UNKNOWN
ubuntu22.04noarchminidlna< 1.3.0+dfsg-2.1ubuntu0.1UNKNOWN
ubuntu23.04noarchminidlna< 1.3.0+dfsg-2.2ubuntu0.1UNKNOWN
ubuntu16.04noarchminidlna< 1.1.5+dfsg-2ubuntu0.1+esm1UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

51.7%