oss-sec mailing list archives
Re: CVE request: possible miniupnpc buffer overflow
From: Moritz Muehlenhoff <jmm () debian org>
Date: Fri, 6 Jun 2014 16:27:03 +0200
On Wed, Apr 30, 2014 at 04:45:26PM +1000, Murray McAllister wrote:
Good morning, It was pointed out in https://bugzilla.redhat.com/show_bug.cgi?id=1085618 that miniupnpc version 1.9 fixes a possible buffer overflow: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9 I am not familiar with the code but it may be just a crash, with an invalid read here (on line 131): 129 /* parse header lines */ 130 for(i = 0; i < endofheaders - 1; i++) { 131 if(colon <= linestart && header_buf[i]==':') Can a CVE be assigned if one has not been already?
This seems to have fallen through the cracks. Cheers, Moritz
Current thread:
- CVE request: possible miniupnpc buffer overflow Murray McAllister (Apr 29)
- Re: CVE request: possible miniupnpc buffer overflow Murray McAllister (Apr 30)
- Re: CVE request: possible miniupnpc buffer overflow Moritz Muehlenhoff (Jun 06)
- Re: CVE request: possible miniupnpc buffer overflow cve-assign (Jun 06)