CVE-2017-1000494

Priority
Medium
Description
Uninitialized stack variable vulnerability in NameValueParserEndElt
(upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of
Service (Segmentation fault and Memory Corruption) or possibly have
unspecified other impact
References
Bugs
Notes
 mdeslaur> bug mentions second issue, which is fixed by
 mdeslaur> https://github.com/miniupnp/miniupnp/commit/a0573e251817ec090a8c9f9f41b56d720c835a6c
 mdeslaur> doesn't seem to be a CVE number for the second issue
 mdeslaur>
 mdeslaur> Another issue in https://github.com/miniupnp/miniupnp/issues/267
 mdeslaur> fixed by https://github.com/miniupnp/miniupnp/commit/9fcc0a72f09e6e1aa46ddcc997d3dcae87d4b416
 mdeslaur> (miniupnpd only)
 mdeslaur> no cve number either
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Patches:
Upstream:https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.6-3ubuntu2.14.04.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.9.20140610-2ubuntu2.16.04.2)
Ubuntu 17.10 (Artful Aardvark):released (1.9.20140610-4ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.9.20140610-4ubuntu2)
Patches:
Upstream:https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
More Information

Updated: 2018-02-13 13:14:25 UTC (commit 14182)