[Secure-testing-team] Bug#887129: miniupnpd: CVE-2017-1000494
Salvatore Bonaccorso
carnil at debian.org
Sun Jan 14 09:22:37 UTC 2018
Source: miniupnpd
Version: 1.8.20140523-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/miniupnp/miniupnp/issues/268
Hi,
the following vulnerability was published for miniupnpd.
CVE-2017-1000494[0]:
| Uninitialized stack variable vulnerability in NameValueParserEndElt
| (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause
| Denial of Service (Segmentation fault and Memory Corruption) or
| possibly have unspecified other impact
To demonstrate the issue one can compile miniupnpd, removing
hardening and addint noopt at teast and triggering the segfault by the
reproducers provided in the upstream issue.
Adapting the upstream commits [2], [3] to the older version seem to
adress the issue, please double check again.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-1000494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000494
[1] https://github.com/miniupnp/miniupnp/issues/268
[2] https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
[3] https://github.com/miniupnp/miniupnp/commit/a0573e251817ec090a8c9f9f41b56d720c835a6c
Regards,
Salvatore
More information about the Secure-testing-team
mailing list