oss-sec mailing list archives
Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness
From: cve-assign () mitre org
Date: Wed, 16 Mar 2016 13:46:22 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
http://speirofr.appspot.com/files/advisory/SPADV-2016-02.md https://bugs.debian.org/816759
https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47
The problem is the incorrect validation ... that does not consider negative length values
- if(p+l > buf+n) { + if(l > (unsigned)(buf+n-p)) {
Use CVE-2016-3178.
https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a
the error handling code ... attempts to free the undefined memory contents
+ memset(newserv, 0, sizeof(struct service)); /* set pointers to NULL */
Use CVE-2016-3179. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJW6ZuJAAoJEL54rhJi8gl5+zcP/1oXalzOckVO1akQQK2c/xSP FyC7bnNx0JYfA85zkZoy5PLOypFlLtLoOUOsCgjeVCjQ6KVBQGMustr/qkMH9ooW AHuOHRyvwIUtMP5PO3ffgetNqoQeLr0kEwyDH7dXtF35VOVhtrylzxVq9MlySboe Y64R5ZMN5EhbU9cE/uwyTpMnAfbgyKPClgf4N1vxgiAB9pzQm+6wTpVKr1O3+j3g PFPymfnjZzpbSVzLskj4I6hoywoG1x0Mvd0QfDLgSX+xZ3Z1AGw+efSZrqovlNoP ybM9nkhagW878NK4xiD4Wv0I5gRrhW+UElxNvvRKYgSL9qL2gmj1E6hVdhWULy9p d9U/zpVcdjLKxNgnyJmQFzc3cEtgWhQfENEKqEq8G4Vdm5d4yrNlaaAiPUkvBzRu su4XE8z/EcUfaN3iHNvBiu3PX2Oo1l9GhxE1f1DfjbhDqxN86tAOlzmjK5AS0uY8 2NQ2zxDPffqwVvgUThmnA+0Jre9i//uiGiIqi1O5Pj6UkRzmObPwY39YmVJ/pssS BepEvpJbrgLxyhWdhqfEYSyNKcnJzkq/Kr+YPJER1zjy9BLpdDA/jmXclN15gWpj j+Wxap24GneDKxpNZXuaYqOKcMdoAEca55k2BDjZbKRCxImTugByf1yGwz89cRDV Wvd/xLNzXI4eTnWsa4d1 =RWDk -----END PGP SIGNATURE-----
Current thread:
- CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness Salva Peiró (Mar 07)
- Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness Salva Peiró (Mar 15)
- Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness cve-assign (Mar 16)
- Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness Salva Peiró (Mar 15)