Debian Minidlna vulnerabilities
9 known vulnerabilities affecting debian/minidlna.
Total CVEs: 9
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, LOW 5
Vulnerabilities
CVE-2024-51442 | LOW | CVSS 8.8 | 2024
CVE-2024-51442 [HIGH] CVE-2024-51442: minidlna - Command Injection in Minidlna version v1.3.3 and before allows an attacker to ex...
Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2023-33476 | CRITICAL | CVSS 9.8 | fixed in minidlna 1.3.0+dfsg-2.2+deb12u1 (bookworm) | 2023
CVE-2023-33476 [CRITICAL] CVE-2023-33476: minidlna - ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer O...
ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/wr
debian
CVE-2023-47430 | LOW | CVSS 7.5 | 2023
CVE-2023-47430 [HIGH] CVE-2023-47430: minidlna - Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attac...
Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via the SendContainer() function at tivo_commands.c.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2022-26505 | HIGH | CVSS 7.4 | fixed in minidlna 1.3.0+dfsg-2.2 (bookworm) | 2022
CVE-2022-26505 [HIGH] CVE-2022-26505: minidlna - A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a re...
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
Scope: local
bookworm: resolved (fixed in 1.3.0+dfsg-2.2)
bullseye: resolved (fixed in 1.3.0+dfsg-2+deb11u1)
forky: resolved (fixed in 1.3.0+dfsg-2.2)
sid: resolved (fixed in 1.3.0+dfsg-2.2)
trixie: resolved (fixed in 1.3.0+dfsg-2.2)
debian
CVE-2020-28926 | CRITICAL | CVSS 9.8 | fixed in minidlna 1.2.1+dfsg-3 (bookworm) | 2020
CVE-2020-28926 [CRITICAL] CVE-2020-28926: minidlna - ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Se...
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
Scope: local
bookworm: resolved (fixed in 1.2.1+dfsg-3)
bullseye: resolved (fixed in 1.2.1+dfsg-3)
forky: r
debian
CVE-2020-12695 | HIGH | CVSS 7.5 | fixed in gupnp 1.2.3-1 (bookworm) | 2020
CVE-2020-12695 [HIGH] CVE-2020-12695: gupnp - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not f...
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Scope: local
bookworm: resolved (fixed in 1.2.3-1)
bullseye: resolved (fixed in 1.2.3-1)
forky: resolved (fixed in
debian
CVE-2013-2745 | LOW | CVSS 9.8 | fixed in minidlna 1.1.2+dfsg-1 (bookworm) | 2013
CVE-2013-2745 [CRITICAL] CVE-2013-2745: minidlna - An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0
Scope: local
bookworm: resolved (fixed in 1.1.2+dfsg-1)
bullseye: resolved (fixed in 1.1.2+dfsg-1)
forky: resolved (fixed in 1.1.2+dfsg-1)
sid: resolved (fixed in 1.1.2+dfsg-1)
trixie: resolved (fixed in 1.1.2+dfsg-1)
debian
CVE-2013-2739 | LOW | CVSS 9.8 | PoC | fixed in minidlna 1.1.2+dfsg-1 (bookworm) | 2013
CVE-2013-2739 [CRITICAL] CVE-2013-2739: minidlna - MiniDLNA has a heap-based buffer overflow
MiniDLNA has a heap-based buffer overflow
Scope: local
bookworm: resolved (fixed in 1.1.2+dfsg-1)
bullseye: resolved (fixed in 1.1.2+dfsg-1)
forky: resolved (fixed in 1.1.2+dfsg-1)
sid: resolved (fixed in 1.1.2+dfsg-1)
trixie: resolved (fixed in 1.1.2+dfsg-1)
debian
CVE-2013-2738 | LOW | CVSS 9.8 | fixed in minidlna 1.1.2+dfsg-1 (bookworm) | 2013
CVE-2013-2738 [CRITICAL] CVE-2013-2738: minidlna - minidlna has SQL Injection that may allow retrieval of arbitrary files
minidlna has SQL Injection that may allow retrieval of arbitrary files
Scope: local
bookworm: resolved (fixed in 1.1.2+dfsg-1)
bullseye: resolved (fixed in 1.1.2+dfsg-1)
forky: resolved (fixed in 1.1.2+dfsg-1)
sid: resolved (fixed in 1.1.2+dfsg-1)
trixie: resolved (fixed in 1.1.2+dfsg-1)
debian