CVE-2014-3985 — Project Miniupnp vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.9%

top 16.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Miniupnpc Miniupnp Project Miniupnp Opensuse

Timeline

PublishedSep 11

Latest updateMay 13

Description

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/miniupnpc< miniupnpc 1.6-4 (bookworm)

▶NVDminiupnp_project/miniupnp1.9

▶NVDopensuse/opensuse12.3, 13.1+1

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-jwgg-6gv4-m9cx: The getHTTPResponse function in miniwget↗2022-05-13

▶

OSV

CVE-2014-3985: The getHTTPResponse function in miniwget↗2014-09-11

▶

📋Vendor Advisories

Ubuntu

MiniUPnPc vulnerability↗2014-07-16

▶

Debian

CVE-2014-3985: miniupnpc - The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attacke...↗2014

▶

💬Community

Bugzilla

CVE-2014-3985 miniupnpc buffer overrun - network facing DoS crash↗2014-04-09

▶