Vulnerabilities > Miniupnp Project

DATE CVE VULNERABILITY TITLE RISK
2015-11-02 CVE-2015-6031 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
6.8
2014-09-11 CVE-2014-3985 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.
network
low complexity
miniupnp-project linux opensuse CWE-119
5.0
2013-01-31 CVE-2013-1462 Numeric Errors vulnerability in Miniupnp Project Miniupnpd 1.0
Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.
network
low complexity
miniupnp-project CWE-189
7.8
2013-01-31 CVE-2013-1461 Denial-Of-Service vulnerability in Miniupnp Project Miniupnpd 1.0
The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.
network
low complexity
miniupnp-project
7.8
2013-01-31 CVE-2013-0230 Buffer Errors vulnerability in Miniupnp Project Miniupnpd 1.0
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
network
low complexity
miniupnp-project CWE-119
critical
10.0
2013-01-31 CVE-2013-0229 Denial of Service vulnerability in MiniUPnP
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
network
low complexity
miniupnp-project
7.8