CVE-2017-1000494 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Miniupnpd
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 76.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 3
Latest updateMay 14
Description
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
Patches
🔴Vulnerability Details
2📋Vendor Advisories
2🕵️Threat Intelligence
4💬Community
3Bugzilla▶
CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code↗2018-01-09
Bugzilla▶
CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code [fedora-all]↗2018-01-09
Bugzilla▶
CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code [epel-all]↗2018-01-09