miniupnpd <= 2.0 is vulnerable to two different vulnerabilities that can allow a remote attacker to cause a denial of service or potentially execute code. An uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact. Heap buffer-overflow in parseelt (minixml.c) could potentially lead to remote code execution. References: https://nvd.nist.gov/vuln/detail/CVE-2017-1000494 https://github.com/miniupnp/miniupnp/issues/268
Created miniupnpc tracking bugs for this issue: Affects: epel-all [bug 1532504] Affects: fedora-all [bug 1532505]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.