Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2013-0230 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Miniupnpd
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer23 documents8 sources
Severity
10.0CRITICALNVD
NVD7.8
EPSS
65.9%
top 1.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJan 31
Latest updateMay 17
Description
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages2 packages
🔴Vulnerability Details
4GHSA▶
GHSA-rhgq-m6r3-xf46: Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1↗2022-05-17
GHSA▶
GHSA-fp8r-qhv9-2hqm: The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1↗2022-05-17
GHSA▶
GHSA-v9m6-5wqp-m9mc: Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1↗2022-05-05
VulnCheck▶
miniupnp_project miniupnpd Improper Restriction of Operations within the Bounds of a Memory Buffer↗2013
💥Exploits & PoCs
5Exploit-DB
▶
Exploit-DB
▶
📋Vendor Advisories
3Debian▶
CVE-2013-0230: miniupnpd - Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction ...↗2013
Debian▶
CVE-2013-1462: miniupnpd - Integer signedness error in the ExecuteSoapAction function in the SOAPAction han...↗2013
Debian▶
CVE-2013-1461: miniupnpd - The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in ...↗2013