PublicDateAtUSN: 2015-10-16
Candidate: CVE-2015-6031
PublicDate: 2015-11-02 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6031
 http://talosintel.com/reports/TALOS-2015-0035/
 https://ubuntu.com/security/notices/USN-2780-1
 https://ubuntu.com/security/notices/USN-2780-2
Description:
 Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the
 MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP
 servers to cause a denial of service (application crash) and possibly
 execute arbitrary code via an "oversized" XML element name.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/miniupnpc/+bug/1506017
Priority: medium
Discovered-by: Aleksandar Nikolic
Assigned-to: sbeattie
CVSS:

Patches_miniupnpc:
 upstream: https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
upstream_miniupnpc: needs-triage
precise_miniupnpc: released (1.6-3ubuntu1.2)
trusty_miniupnpc: released (1.6-3ubuntu2.14.04.2)
trusty/esm_miniupnpc: DNE (trusty was released [1.6-3ubuntu2.14.04.2])
vivid_miniupnpc: released (1.9.20140610-2ubuntu1.1)
wily_miniupnpc: released (1.9.20140610-2ubuntu2)
devel_miniupnpc: not-affected (1.9.20140610-2ubuntu2)