CVE-2015-6031

Publication date 16 October 2015

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
miniupnpc	15.10 wily	Fixed 1.9.20140610-2ubuntu2
	15.04 vivid	Fixed 1.9.20140610-2ubuntu1.1
	14.04 LTS trusty	Fixed 1.6-3ubuntu2.14.04.2
	12.04 LTS precise	Fixed 1.6-3ubuntu1.2

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
miniupnpc	Upstream: 79cca97

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2780-2
MiniUPnP vulnerability
23 October 2015

USN-2780-1
MiniUPnP vulnerability
20 October 2015

Other references

http://talosintel.com/reports/TALOS-2015-0035/
https://www.cve.org/CVERecord?id=CVE-2015-6031