CVE-2015-6031

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

References

http://lists.opensuse.org/opensuse-updates/2015-11/msg00122.html

http://talosintel.com/reports/TALOS-2015-0035/

http://www.debian.org/security/2015/dsa-3379

http://www.securityfocus.com/bid/77306

http://www.ubuntu.com/usn/USN-2780-1

http://www.ubuntu.com/usn/USN-2780-2

https://github.com/miniupnp/miniupnp/blob/master/miniupnpc/Changelog.txt

https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78

https://security.gentoo.org/glsa/201801-08

Details

Source: MITRE

Published: 2015-11-02

Updated: 2019-06-18

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:miniupnp_project:miniupnpc:*:*:*:*:*:*:*:* versions up to 1.9 (inclusive)

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-02-03:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-02-05:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-05-15:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-06-10:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-07-01:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-09-06:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-09-11:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-11-05:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-11-13:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-11-17:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-04-27:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-04-30:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-05-22:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-06-16:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-07-15:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-07-22:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-07-23:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-08-16:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-08-27:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-08-28:*:*:*:*:*:*

cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-09-15:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
105634GLSA-201801-08 : MiniUPnPc: Arbitrary code executionNessusGentoo Local Security Checks
medium
87006openSUSE Security Update : miniupnpc (openSUSE-2015-789)NessusSuSE Local Security Checks
medium
86582Debian DSA-3379-1 : miniupnpc - security updateNessusDebian Local Security Checks
medium
86566Ubuntu 15.10 : miniupnpc vulnerability (USN-2780-2)NessusUbuntu Local Security Checks
medium
86494Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : miniupnpc vulnerability (USN-2780-1)NessusUbuntu Local Security Checks
medium
86385FreeBSD : miniupnpc -- buffer overflow (06fefd2f-728f-11e5-a371-14dae9d210b8)NessusFreeBSD Local Security Checks
medium