CVE-2023-33476

CRITICAL

ReadyMedia (MiniDLNA) <1.3.2 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-33476. PoCs published by mellow-hype.

AI-analyzed exploit summary This repository contains functional exploit PoCs for CVE-2023-33476, a heap overflow vulnerability in ReadyMedia (MiniDLNA) versions 1.1.15 to 1.3.2. The exploits leverage tcache poisoning techniques to achieve remote code execution via GOT overwrite (x86-64) and RIP overwrite (ARM32).

Description

ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write.

Exploits (1)

nomisec WORKING POC 19 stars

by mellow-hype · poc

https://github.com/mellow-hype/cve-2023-33476

View Code ZIP pw:eip

This repository contains functional exploit PoCs for CVE-2023-33476, a heap overflow vulnerability in ReadyMedia (MiniDLNA) versions 1.1.15 to 1.3.2. The exploits leverage tcache poisoning techniques to achieve remote code execution via GOT overwrite (x86-64) and RIP overwrite (ARM32).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: ReadyMedia (MiniDLNA) 1.1.15 to 1.3.2

No auth needed

Prerequisites: Known addresses of system() and GOT entries for x86-64 exploit · Known system() and stack addresses for ARM32 exploit · Network access to the vulnerable MiniDLNA service

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →