FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

miniupnpc -- buffer overflow

Affected packages
1.9.1 <= miniupnpc < 1.9.20150917
miniupnpc < 1.9_1

Details

VuXML ID 06fefd2f-728f-11e5-a371-14dae9d210b8
Discovery 2015-09-15
Entry 2015-10-14
Modified 2015-10-14

Talos reports:

An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability.

References

CVE Name CVE-2015-6031
URL http://talosintel.com/reports/TALOS-2015-0035/
URL https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78