FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

miniupnpc -- buffer overflow

Affected packages
1.9.1 <= miniupnpc < 1.9.20150917
miniupnpc < 1.9_1


VuXML ID 06fefd2f-728f-11e5-a371-14dae9d210b8
Discovery 2015-09-15
Entry 2015-10-14
Modified 2015-10-14

Talos reports:

An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability.


CVE Name CVE-2015-6031