← Back

CVE-2015-6031

nvd nist
Published: Nov 2, 2015Modified: May 6, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

Affected (30)

Show all products
Miniupnp Project: Miniupnpc · Debian: Debian Linux · Canonical: Ubuntu Linux · Opensuse: Leap, Opensuse
Miniupnp Project
1 product
Miniupnpc
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Opensuse
2 products
Leap
Opensuse
Configuration A
22 vulnerable
Vulnerable SoftwareAffected Versions
Miniupnp Project
Miniupnpc
Up to 1.9
Miniupnpc
Version 1.9 2014-02-03
Miniupnpc
Version 1.9 2014-02-05
Miniupnpc
Version 1.9 2014-05-15
Miniupnpc
Version 1.9 2014-06-10
Miniupnpc
Version 1.9 2014-07-01
Miniupnpc
Version 1.9 2014-09-06
Miniupnpc
Version 1.9 2014-09-11
Miniupnpc
Version 1.9 2014-11-05
Miniupnpc
Version 1.9 2014-11-13
Miniupnpc
Version 1.9 2014-11-17
Miniupnpc
Version 1.9 2015-04-27
Miniupnpc
Version 1.9 2015-04-30
Miniupnpc
Version 1.9 2015-05-22
Miniupnpc
Version 1.9 2015-06-16
Miniupnpc
Version 1.9 2015-07-15
Miniupnpc
Version 1.9 2015-07-22
Miniupnpc
Version 1.9 2015-07-23
Miniupnpc
Version 1.9 2015-08-16
Miniupnpc
Version 1.9 2015-08-27
Miniupnpc
Version 1.9 2015-08-28
Miniupnpc
Version 1.9 2015-09-15
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 15.04
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Leap
Version 42.1
Opensuse
Opensuse
Version 13.1
Opensuse
Version 13.2

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (18)

Source: cret@cert.org
Mailing ListThird Party Advisory
Source: cret@cert.org
Exploit
Source: cret@cert.org
Third Party Advisory
Source: cret@cert.org
Third Party AdvisoryVDB Entry
Source: cret@cert.org
Third Party Advisory
Source: cret@cert.org
Third Party Advisory
Source: cret@cert.org
Third Party Advisory
Source: cret@cert.org
Third Party Advisory
Source: cret@cert.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.