CVE-2015-6031

Published: 16 October 2015

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

Priority

Status

Package	Release	Status
miniupnpc Launchpad, Ubuntu, Debian	precise	Released (1.6-3ubuntu1.2)
	trusty	Released (1.6-3ubuntu2.14.04.2)
	upstream	Needs triage
	vivid	Released (1.9.20140610-2ubuntu1.1)
	wily	Released (1.9.20140610-2ubuntu2)
	Patches: upstream: https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78

References

http://talosintel.com/reports/TALOS-2015-0035/
https://ubuntu.com/security/notices/USN-2780-1
https://ubuntu.com/security/notices/USN-2780-2
https://www.cve.org/CVERecord?id=CVE-2015-6031
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/miniupnpc/+bug/1506017

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›