CVE-2020-28926
Published 2020-11-30
Priority P266, critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 14.34% (96.2th percentile)
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | minidlna | < minidlna 1.2.1+dfsg-3 (bookworm) | minidlna 1.2.1+dfsg-3 (bookworm) |
| readymedia_project | readymedia | < 1.3.0 | 1.3.0 |
Detection & IOCs (extracted from sources)
- Exploit vector is a malicious UPnP HTTP request using HTTP chunked encoding sent to the miniDLNA service, triggering a signedness bug leading to buffer overflow in memcpy/memmove
- Monitor for anomalous or malformed HTTP chunked-encoding requests directed at the MiniDLNA/ReadyMedia UPnP service port (default TCP 8200)
- Vulnerability only affects ReadyMedia (MiniDLNA) versions prior to 1.3.0; upgrade to 1.3.0 or later (Debian fixed in 1.2.1+dfsg-3) to remediate
- Debian scope is listed as 'local' despite the NVD and Ubuntu advisories describing a remote attack vector; verify exposure based on your deployment context
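A heuristic check for the monitoring guidance above, as an added example (not code from MiniDLNA or from any of the advisories): it audits one captured HTTP request for chunk-size lines that are not strict hexadecimal, exceed a limit, or declare more data than the request carries. The 1 MiB limit, the 8-digit cap, the function name and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumed policy for this sketch: at most 8 hex digits and at most 1 MiB per chunk.
MAX_CHUNK = 1 << 20
HEX_SIZE = re.compile(rb"[0-9A-Fa-f]{1,8}")

def audit_chunked_request(raw: bytes) -> list:
    """Return findings for one captured HTTP request; an empty list means clean."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["incomplete header block"]
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    if b"chunked" not in headers.get(b"transfer-encoding", b""):
        return []                                  # not a chunked request
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return ["chunk-size line not terminated"]
        token = body[pos:eol].split(b";", 1)[0].strip()   # drop chunk extensions
        if not HEX_SIZE.fullmatch(token):          # rejects signs, 0x, junk
            return [f"malformed chunk size {token!r}"]
        size = int(token.decode("ascii"), 16)
        if size > MAX_CHUNK:
            return [f"chunk size {size} exceeds limit {MAX_CHUNK}"]
        if size == 0:
            return []                              # last-chunk reached
        data_end = eol + 2 + size
        if body[data_end:data_end + 2] != b"\r\n": # declared more than was sent
            return [f"chunk of {size} bytes not followed by CRLF"]
        pos = data_end + 2

# Constructed sample requests (192.0.2.10 is a documentation address).
_HDR = (b"POST /example HTTP/1.1\r\nHost: 192.0.2.10:8200\r\n"
        b"Transfer-Encoding: chunked\r\n\r\n")
GOOD = _HDR + b"5\r\nhello\r\n0\r\n\r\n"
BAD_TOKEN = _HDR + b"5g\r\nhello\r\n0\r\n\r\n"
OVERSIZE = _HDR + b"200000\r\nhello\r\n0\r\n\r\n"
SHORT_BODY = _HDR + b"10\r\nhello\r\n0\r\n\r\n"

if __name__ == "__main__":
    for name in ("GOOD", "BAD_TOKEN", "OVERSIZE", "SHORT_BODY"):
        print(name, audit_chunked_request(globals()[name]))
```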
CVSS provenance
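| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 7.5 | HIGH | |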
GHSA
GHSA-gvj3-gg8w-3vrm: ReadyMedia (aka MiniDLNA) before versions 1
ghsa_unreviewed·2022-05-24
CVE-2020-28926 [CRITICAL] CWE-120 GHSA-gvj3-gg8w-3vrm: ReadyMedia (aka MiniDLNA) before versions 1
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
OSV
minidlna vulnerabilities
osv·2021-02-04·CVSS 7.5
CVE-2020-12695 [HIGH] minidlna vulnerabilities
minidlna vulnerabilities
It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with a delivery URL on a different network segment than the fully qualified event-subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. (CVE-2020-12695)
It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service. (CVE-2020-28926)
OSV
CVE-2020-28926: ReadyMedia (aka MiniDLNA) before versions 1
osv·2020-11-30·CVSS 9.8
CVE-2020-28926 [CRITICAL] CVE-2020-28926: ReadyMedia (aka MiniDLNA) before versions 1
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
Ubuntu
ReadyMedia (MiniDLNA) vulnerabilities
vendor_ubuntu·2021-02-04·CVSS 7.5
CVE-2020-12695 [HIGH] ReadyMedia (MiniDLNA) vulnerabilities
Title: ReadyMedia (MiniDLNA) vulnerabilities
Summary: ReadyMedia (MiniDLNA) could be made to crash if it received specially crafted input.
It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with a delivery URL on a different network segment than the fully qualified event-subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. (CVE-2020-12695)
It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service. (CVE-2020-28926)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2020-28926: minidlna - ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Se...
vendor_debian·2020·CVSS 9.8
CVE-2020-28926 [CRITICAL] CVE-2020-28926: minidlna - ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Se...
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
Scope: local
bookworm: resolved (fixed in 1.2.1+dfsg-3)
bullseye: resolved (fixed in 1.2.1+dfsg-3)
forky: resolved (fixed in 1.2.1+dfsg-3)
sid: resolved (fixed in 1.2.1+dfsg-3)
trixie: resolved (fixed in 1.2.1+dfsg-3)
- https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html
- https://sourceforge.net/projects/minidlna/
- https://www.debian.org/security/2020/dsa-4806
- https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/
Published: 2020-11-30