MiniUPnPc: Buffer overflow — GLSA 201701-41

A buffer overflow in MiniUPnPc might allow remote attackers to cause a Denial of Service condition.

Affected packages

net-libs/miniupnpc on all architectures
Affected versions < 1.9.20150427
Unaffected versions >= 1.9.20150427

Background

UPnP client library and a simple UPnP client.

Description

An out-of-bounds read was discovered in the getHTTPResponse function in miniwget.c in MiniUPnPc.

Impact

Remote attackers, through specially crafted headers, could cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All MiniUPnPc users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/miniupnpc-1.9.20150427"
 

References

Release date
January 17, 2017

Latest revision
January 17, 2017: 01

Severity
normal

Exploitable
remote

Bugzilla entries