#4321: CVE-2015-6031
---------------------------------------+----------------------------
        Reporter:  KlassKill           |      Owner:
            Type:  bug                 |     Status:  new
        Priority:  normal              |  Milestone:  unspecified
       Component:  Engine: Networking  |    Version:  3.1 and master
Operating System:  All/Non-Specific    |
---------------------------------------+----------------------------
 Original release date: 11/02/2015
 Last revised: 11/03/2015
 Source: US-CERT/NIST
 Overview

 Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the
 MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP
 servers to cause a denial of service (application crash) and possibly
 execute arbitrary code via an "oversized" XML element name.
 Impact
 CVSS Severity (version 2.0):
 CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
 Impact Subscore: 6.4
 Exploitability Subscore: 8.6
 CVSS Version 2 Metrics:
 Access Vector: Network exploitable
 Access Complexity: Medium
 Authentication: Not required to exploit
 Impact Type: Allows unauthorized disclosure of information; Allows
 unauthorized modification; Allows disruption of service

--
Ticket URL: <http://developer.wz2100.net/ticket/4321>
Warzone 2100 Trac <http://developer.wz2100.net/>
The Warzone 2100 Project
------------------------------------------------------------------------------
_______________________________________________
Warzone2100-project mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/warzone2100-project
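
An added illustration of the bug class named in the overview, not MiniUPnPc or Warzone 2100 code: a start-element callback that clamps the scanner-reported name length before copying into a fixed buffer. The struct, the function name and the ELT_NAME_MAX value are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define ELT_NAME_MAX 128 /* assumed size, not taken from MiniUPnPc */

/* Hypothetical parser state filled in by the callback. */
struct parse_state {
    char cur_elt_name[ELT_NAME_MAX];
    int level;     /* element nesting depth */
    int truncated; /* names that did not fit; worth logging */
};

/* `name` points into the received XML and is not NUL-terminated; `len`
 * comes from the XML scanner, so a remote server controls it. Returns
 * the number of bytes stored, or -1 on invalid arguments. */
int start_element(struct parse_state *st, const char *name, int len)
{
    size_t n;

    if (st == NULL || name == NULL || len < 0)
        return -1;
    n = (size_t)len;
    if (n >= sizeof st->cur_elt_name) { /* the check whose absence overflows */
        n = sizeof st->cur_elt_name - 1;
        st->truncated++;
    }
    memcpy(st->cur_elt_name, name, n);
    st->cur_elt_name[n] = '\0';
    st->level++;
    return (int)n;
}

int main(void)
{
    struct parse_state st = {0};
    char big[4096]; /* constructed oversized element name */
    int n;

    memset(big, 'A', sizeof big);
    printf("%d\n", start_element(&st, "serviceType>urn", 11));
    n = start_element(&st, big, (int)sizeof big);
    printf("%d truncated=%d\n", n, st.truncated);
    return 0;
}
```

A non-zero truncated count after parsing a device description is a useful signal that the responding server sent element names no well-formed description needs.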
