A vulnerability in MiniUPnPc might allow remote attackers to execute arbitrary code.
Package | net-libs/miniupnpc on all architectures |
---|---|
Affected versions | < 2.0.20170509 |
Unaffected versions | >= 2.0.20170509 |
The client library, enabling applications to access the services provided by an UPnP “Internet Gateway Device” present on the network.
An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library.
A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of arbitrary code with the privileges of the user running a MiniUPnPc linked application.
There is no known workaround at this time.
All MiniUPnPc users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/miniupnpc-2.0.20170509"
Release date
January 07, 2018
Latest revision
January 07, 2018: 1
Severity
normal
Exploitable
remote
Bugzilla entries