CVE-2017-1000494
published 2018-01-03
CVE-2017-1000494: Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service…
Priority: P431, high, 7.8 (CVSS 3.0)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.47% (36.9th percentile)
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | miniupnpc | < miniupnpc 2.0.20171212-3 (bookworm) | miniupnpc 2.0.20171212-3 (bookworm) |
| debian | miniupnpd | < miniupnpc 2.0.20171212-3 (bookworm) | miniupnpc 2.0.20171212-3 (bookworm) |
| miniupnp_project | miniupnpd | < 2.0 | 2.0 |
| miniupnp_project | miniupnpd | >= 0 < 2.0.20171212-1 | 2.0.20171212-1 |
| miniupnp_project | miniupnpd | >= 0 < 2.0.20171212-1 | 2.0.20171212-1 |
| miniupnp_project | miniupnpd | >= 0 < 2.0.20171212-1 | 2.0.20171212-1 |
| miniupnp_project | miniupnpd | >= 0 < 2.0.20171212-1 | 2.0.20171212-1 |
CVSS provenance
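| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | LOW | |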
GHSA
GHSA-cmwg-g372-6738: Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse
ghsa_unreviewed·2022-05-14
CVE-2017-1000494 [HIGH] CWE-119 GHSA-cmwg-g372-6738: Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
OSV
CVE-2017-1000494: Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse
osv·2018-01-03·CVSS 7.8
CVE-2017-1000494 [HIGH] CVE-2017-1000494: Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
Ubuntu
MiniUPnP vulnerabilities
vendor_ubuntu·2018-02-07
CVE-2017-1000494 MiniUPnP vulnerabilities
Title: MiniUPnP vulnerabilities
Summary: MiniUPnP could be made to crash or run programs if it received specially
crafted network traffic.
It was discovered that MiniUPnP incorrectly handled memory. A remote
attacker could use this issue to cause a denial of service or possibly
execute arbitrary code with privileges of the user running an application
that uses the MiniUPnP library.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2017-1000494: miniupnpc - Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplypa...
vendor_debian·2017·CVSS 7.8
CVE-2017-1000494 [HIGH] CVE-2017-1000494: miniupnpc - Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplypa...
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
Scope: local
bookworm: resolved (fixed in 2.0.20171212-3)
bullseye: resolved (fixed in 2.0.20171212-3)
forky: resolved (fixed in 2.0.20171212-3)
sid: resolved (fixed in 2.0.20171212-3)
trixie: resolved (fixed in 2.0.20171212-3)
No detection rules found.
No public exploits indexed.
Trendmicro
UPnP-enabled Home Devices and Vulnerabilities
blogs_trendmicro·2019-03-06
UPnP-enabled Home Devices and Vulnerabilities
# UPnP-enabled Home Devices and Vulnerabilities
UPnP convenience comes security holes that range from attackers gaining control of devices to bypassing firewall protections. We looked into UPnP-related events in home networks and found that many users still have UPnP enabled in their devices.
By: Tony Yang
Mar 06, 2019
Earlier this year, users of Chromecast streaming dongles, Google Home devices, and smart TVs were inundated with a message promoting YouTuber PewDiePie’s channel. The hijacking is said to be part of an ongoing subscriber count battle on the video sharing site. The hackers behind it reportedly took advantage of poorly configured routers that had the Universal Plug and Play (UPnP) service enabled, which caused the routers to forward public
Bugzilla
CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code
bugzilla·2018-01-09·CVSS 7.8
CVE-2017-1000494 [HIGH] CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code
CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code
miniupnpd <= 2.0 is vulnerable to two different vulnerabilities that can allow a remote attacker to cause a denial of service or potentially execute code.
An uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact.
Heap buffer-overflow in parseelt (minixml.c) could potentially lead to remote code execution.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-1000494
https://github.com/miniupnp/miniupnp/issues/268
Discussion:
Created miniupnpc tracking bugs for this issue:
Affects: epel-
Bugzilla
CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code [fedora-all]
bugzilla·2018-01-09·CVSS 7.8
CVE-2017-1000494 [HIGH] CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code [fedora-all]
CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fed
Bugzilla
CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code [epel-all]
bugzilla·2018-01-09·CVSS 7.8
CVE-2017-1000494 [HIGH] CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code [epel-all]
CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code [epel-all]
https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
https://github.com/miniupnp/miniupnp/issues/268
https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
https://usn.ubuntu.com/3562-1/
Published: 2018-01-03