2016-07-14
ALT-BU-2016-3254-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2015-11-02
Modified: 2024-11-21
CVE-2015-6031
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
Severity: MEDIUM (6.8)
References:
- openSUSE-SU-2015:2070
- http://talosintel.com/reports/TALOS-2015-0035/
- DSA-3379
- 77306
- USN-2780-1
- USN-2780-2
- https://github.com/miniupnp/miniupnp/blob/master/miniupnpc/Changelog.txt
- https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
- GLSA-201801-08