oss-sec mailing list archives

Re: CVE request: possible miniupnpc buffer overflow

From: Moritz Muehlenhoff <jmm () debian org>
Date: Fri, 6 Jun 2014 16:27:03 +0200

On Wed, Apr 30, 2014 at 04:45:26PM +1000, Murray McAllister wrote:

Good morning,

It was pointed out in
https://bugzilla.redhat.com/show_bug.cgi?id=1085618 that miniupnpc
version 1.9 fixes a possible buffer overflow:

https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9

I am not familiar with the code but it may be just a crash, with an
invalid read here (on line 131):

129                         /* parse header lines */
130                         for(i = 0; i < endofheaders - 1; i++) {
131                                 if(colon <= linestart &&
header_buf[i]==':')

Can a CVE be assigned if one has not been already?


This seems to have fallen through the cracks.

Cheers,
        Moritz

Current thread:

CVE request: possible miniupnpc buffer overflow Murray McAllister (Apr 29)
- Re: CVE request: possible miniupnpc buffer overflow Murray McAllister (Apr 30)
- Re: CVE request: possible miniupnpc buffer overflow Moritz Muehlenhoff (Jun 06)
- Re: CVE request: possible miniupnpc buffer overflow cve-assign (Jun 06)