A buffer overflow in MiniUPnPc might allow remote attackers to cause a Denial of Service condition.
Package | net-libs/miniupnpc on all architectures |
---|---|
Affected versions | < 1.9.20150427 |
Unaffected versions | >= 1.9.20150427 |
UPnP client library and a simple UPnP client.
An out-of-bounds read was discovered in the getHTTPResponse function in miniwget.c in MiniUPnPc.
Remote attackers, through specially crafted headers, could cause a Denial of Service condition.
There is no known workaround at this time.
All MiniUPnPc users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/miniupnpc-1.9.20150427"
Release date
January 17, 2017
Latest revision
January 17, 2017: 01
Severity
normal
Exploitable
remote
Bugzilla entries