Lucene search

[email protected]CVE-2015-6031

HistoryNov 02, 2015 - 7:59 p.m.

CVE-2015-6031

2015-11-0219:59:14

CWE-119

[email protected]

web.nvd.nist.gov

miniupnp

buffer overflow

cve-2015-6031

remote attackers

denial of service

arbitrary code

xml element

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.0%

JSON

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an “oversized” XML element name.

Affected configurations

NVD

Node

miniupnp_projectminiupnpcRange≤1.9

miniupnp_projectminiupnpcMatch1.92014-02-03

miniupnp_projectminiupnpcMatch1.92014-02-05

miniupnp_projectminiupnpcMatch1.92014-05-15

miniupnp_projectminiupnpcMatch1.92014-06-10

miniupnp_projectminiupnpcMatch1.92014-07-01

miniupnp_projectminiupnpcMatch1.92014-09-06

miniupnp_projectminiupnpcMatch1.92014-09-11

miniupnp_projectminiupnpcMatch1.92014-11-05

miniupnp_projectminiupnpcMatch1.92014-11-13

miniupnp_projectminiupnpcMatch1.92014-11-17

miniupnp_projectminiupnpcMatch1.92015-04-27

miniupnp_projectminiupnpcMatch1.92015-04-30

miniupnp_projectminiupnpcMatch1.92015-05-22

miniupnp_projectminiupnpcMatch1.92015-06-16

miniupnp_projectminiupnpcMatch1.92015-07-15

miniupnp_projectminiupnpcMatch1.92015-07-22

miniupnp_projectminiupnpcMatch1.92015-07-23

miniupnp_projectminiupnpcMatch1.92015-08-16

miniupnp_projectminiupnpcMatch1.92015-08-27

miniupnp_projectminiupnpcMatch1.92015-08-28

miniupnp_projectminiupnpcMatch1.92015-09-15

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

CPENameOperatorVersion
miniupnp_project:miniupnpcminiupnp project miniupnpcle1.9

CPE	Name	Operator	Version
miniupnp_project:miniupnpc	miniupnp project miniupnpc	le	1.9

References

lists.opensuse.org/opensuse-updates/2015-11/msg00122.html

talosintel.com/reports/TALOS-2015-0035/

www.debian.org/security/2015/dsa-3379

www.securityfocus.com/bid/77306

www.ubuntu.com/usn/USN-2780-1

www.ubuntu.com/usn/USN-2780-2

github.com/miniupnp/miniupnp/blob/master/miniupnpc/Changelog.txt

github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78

security.gentoo.org/glsa/201801-08

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for CVE-2015-6031

gentoo1 nessus6 debian2 cvelist1 freebsd1 openvas5 securityvulns2 nvd1 threatpost1 prion1 archlinux1 talos1 debiancve1 ubuntu2 ubuntucve1 mageia1