CVE-2017-8798

Published: 10 May 2017

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

Priority

CVSS 3 base score: 9.8

Status

Package	Release	Status
miniupnpc Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was released [1.6-3ubuntu2.14.04.3])
	upstream	Released (1.9.20140610-3)
	xenial	Released (1.9.20140610-2ubuntu2.16.04.1)
	yakkety	Released (1.9.20140610-2ubuntu2.16.10.1)
	zesty	Released (1.9.20140610-2ubuntu2.17.04.1)
	Patches: upstream: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8798
https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md
https://ubuntu.com/security/notices/USN-3298-1
https://ubuntu.com/security/notices/USN-3298-2
NVD
Launchpad
Debian

Bugs

https://launchpad.net/bugs/1690816
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862273

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›