Debian Miniupnpc vulnerabilities

CVE-2017-8798 [CRITICAL] CVE-2017-8798: miniupnpc - Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows... Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Scope: local bookworm: resolved (fixed in 1.9.20140610-3) bullseye: resolved (fixed in 1.9.20140610-3) forky: resolved (fixed in 1.9.20140610-3) sid: resolved (fixed in 1.9.20140610-3) trixie: r

CVE-2017-1000494 [HIGH] CVE-2017-1000494: miniupnpc - Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplypa... Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact Scope: local bookworm: resolved (fixed in 2.0.20171212-3) bullseye: resolved (fixed in 2.0.20171212-3) forky: resolved (fixed

CVE-2015-6031 [MEDIUM] CVE-2015-6031: miniupnpc - Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP ... Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name. Scope: local bookworm: resolved (fixed in 1.9.20140610-2.1) bullseye: resolved (fixed in 1.9.2

CVE-2014-3985 [MEDIUM] CVE-2014-3985: miniupnpc - The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attacke... The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read. Scope: local bookworm: resolved (fixed in 1.6-4) bullseye: resolved (fixed in 1.6-4) forky: resolved (fixed in 1.6-4) sid: resolved (fixed in 1.6-4) trixie: resolved (fixed in 1.6-4)