[Secure-testing-team] Bug#887129: miniupnpd: CVE-2017-1000494

Salvatore Bonaccorso carnil at debian.org
Sun Jan 14 09:22:37 UTC 2018


Source: miniupnpd
Version: 1.8.20140523-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/miniupnp/miniupnp/issues/268

Hi,

the following vulnerability was published for miniupnpd.

CVE-2017-1000494[0]:
| Uninitialized stack variable vulnerability in NameValueParserEndElt
| (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause
| Denial of Service (Segmentation fault and Memory Corruption) or
| possibly have unspecified other impact

To demonstrate the issue one can compile miniupnpd, removing
hardening and adding noopt at least and triggering the segfault by the
reproducers provided in the upstream issue.

Adapting the upstream commits [2], [3] to the older version seems to
address the issue, please double check again.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000494
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000494
[1] https://github.com/miniupnp/miniupnp/issues/268
[2] https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
[3] https://github.com/miniupnp/miniupnp/commit/a0573e251817ec090a8c9f9f41b56d720c835a6c 

Regards,
Salvatore
