CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Percentile: 66.0%

ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable to a
buffer overflow. The vulnerability is caused by incorrect validation logic
when handling HTTP requests that use chunked transfer encoding. As a result,
code that runs later uses attacker-controlled chunk values that exceed the
length of the allocated buffer, resulting in out-of-bounds read/write.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | minidlna | < 1.2.1+dfsg-1ubuntu0.18.04.1+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | minidlna | < 1.2.1+dfsg-1ubuntu0.20.04.2 | UNKNOWN |
ubuntu | 22.04 | noarch | minidlna | < 1.3.0+dfsg-2.1ubuntu0.1 | UNKNOWN |
ubuntu | 23.04 | noarch | minidlna | < 1.3.0+dfsg-2.2ubuntu0.1 | UNKNOWN |
ubuntu | 16.04 | noarch | minidlna | < 1.1.5+dfsg-2ubuntu0.1+esm1 | UNKNOWN |
blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html
launchpad.net/bugs/cve/CVE-2023-33476
nvd.nist.gov/vuln/detail/CVE-2023-33476
security-tracker.debian.org/tracker/CVE-2023-33476
sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/
sourceforge.net/projects/minidlna/
ubuntu.com/security/notices/USN-6398-1
www.cve.org/CVERecord?id=CVE-2023-33476