1
PublicDateAtUSN: 2015-10-16
2
Candidate: CVE-2015-6031
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6031
6
http://talosintel.com/reports/TALOS-2015-0035/
7
https://usn.ubuntu.com/usn/usn-2780-1
8
https://usn.ubuntu.com/usn/usn-2780-2
10
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the
11
MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP
12
servers to cause a denial of service (application crash) and possibly
13
execute arbitrary code via an "oversized" XML element name.
17
https://bugs.launchpad.net/ubuntu/+source/miniupnpc/+bug/1506017
19
Discovered-by: Aleksandar Nikolic
23
upstream: https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
24
upstream_miniupnpc: needs-triage
25
precise_miniupnpc: released (1.6-3ubuntu1.2)
26
trusty_miniupnpc: released (1.6-3ubuntu2.14.04.2)
27
vivid_miniupnpc: released (1.9.20140610-2ubuntu1.1)
28
wily_miniupnpc: released (1.9.20140610-2ubuntu2)
29
devel_miniupnpc: not-affected (1.9.20140610-2ubuntu2)