Bug 1270841 - (CVE-2015-6031) CVE-2015-6031 miniupnpc: Buffer overflow vulnerability in XML parser functionality
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All, OS: Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 1270842
Reported: 2015-10-12 09:50 EDT by Adam Mariš
Modified: 2015-10-25 13:34 EDT

Doc Type: Bug Fix

Description Adam Mariš 2015-10-12 09:50:26 EDT
A buffer overflow vulnerability was found in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack, resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability. The buffer overflow is present in the client-side part of the library, miniupnpc. The vulnerable part of the code is triggered when applications using the miniupnpc library are doing initial network discovery upon startup, while parsing the replies from UPnP servers on the local network. The buffer overflow is triggered by an oversized XML element name.

More info can be found here:

Comment 1 Adam Mariš 2015-10-12 09:50:53 EDT
Created miniupnpc tracking bugs for this issue:

Affects: fedora-all [bug 1270842]
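
The class of bug in the description above (an XML element name copied into a fixed-size buffer) is avoided by clamping the parser-supplied length before the copy. The following is an added example, not code from miniupnpc or from this bug report; `parse_state`, `start_element`, `demo` and the 128-byte buffer size are assumptions made for illustration, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define ELT_NAME_MAX 128  /* assumed buffer size, not taken from miniupnpc */

/* Hypothetical parser state: holds the name of the element being parsed. */
struct parse_state {
    char cur_elt_name[ELT_NAME_MAX];
    int  truncated;               /* set when a name did not fit */
};

/*
 * Start-element callback. `name` points into the received XML and is not
 * NUL-terminated; `len` is measured from the response, so the sender
 * controls it. Clamp it before copying into the fixed buffer.
 */
static size_t start_element(struct parse_state *st, const char *name, size_t len)
{
    st->truncated = 0;
    if (len >= sizeof st->cur_elt_name) {
        len = sizeof st->cur_elt_name - 1;   /* leave room for the NUL */
        st->truncated = 1;
    }
    memcpy(st->cur_elt_name, name, len);
    st->cur_elt_name[len] = '\0';
    return len;
}

/* Constructed input: an element name of n 'A' bytes; returns the stored length. */
static size_t demo(size_t n, int *truncated)
{
    static char response[4096];
    struct parse_state st;
    if (n > sizeof response) n = sizeof response;
    memset(response, 'A', n);
    size_t stored = start_element(&st, response, n);
    *truncated = st.truncated;
    /* The stored name must be NUL-terminated at exactly `stored` bytes. */
    return strlen(st.cur_elt_name) == stored ? stored : (size_t)-1;
}

int main(void)
{
    int t;
    printf("short name: stored %zu bytes\n", demo(10, &t));
    printf("oversized name: stored %zu bytes, truncated=%d\n", demo(4000, &t), t);
    return 0;
}
```

A caller can treat `truncated` as a reason to reject the whole response instead of continuing with a shortened name.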
