FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

miniupnpc -- integer signedness error

Affected packages
miniupnpc < 2.0.20170509

Details

VuXML ID da1d5d2e-3eca-11e7-8861-0018fe623f2b
Discovery 2017-05-09
Entry 2017-05-22

Tintinweb reports:

An integer signedness error was found in miniupnp's miniwget allowing an unauthenticated remote entity typically located on the local network segment to trigger a heap corruption or an access violation in miniupnp's http response parser when processing a specially crafted chunked-encoded response to a request for the xml root description url.

References

CVE Name CVE-2017-8798
URL https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798