A vulnerability in MiniUPnPc might allow remote attackers to execute arbitrary code.
|Package||net-libs/miniupnpc on all architectures|
|Affected versions||< 2.0.20170509|
|Unaffected versions||>= 2.0.20170509|
The client library, enabling applications to access the services provided by an UPnP “Internet Gateway Device” present on the network.
An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library.
A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of arbitrary code with the privileges of the user running a MiniUPnPc linked application.
There is no known workaround at this time.
All MiniUPnPc users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/miniupnpc-2.0.20170509"
January 07, 2018
January 07, 2018: 1