Description
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
References (9)
Core 9
Core References
Third Party Advisory x_refsource_confirm
https://github.com/miniupnp/miniupnp/blob/master/miniupnpc/Changelog.txt
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201801-08
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3379
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2780-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/77306
Exploit x_refsource_misc
http://talosintel.com/reports/TALOS-2015-0035/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2780-2
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-11/msg00122.html
Third Party Advisory x_refsource_confirm
https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
Scores
EPSS
0.0280
EPSS Percentile
86.2%
Details
CWE
CWE-119
Status
published
Products (10)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.04
debian/debian_linux
7.0
debian/debian_linux
8.0
miniupnp_project/miniupnpc
1.9 2014-02-03 (21 CPE variants)
miniupnp_project/miniupnpc
< 1.9
opensuse/leap
42.1
opensuse/opensuse
13.1
opensuse/opensuse
13.2
Published
Nov 02, 2015
Tracked Since
Feb 18, 2026