CVE-2015-6031

EPSS 3.2%

miniupnpc - security update

Published: 11/2/2015Modified: 4/28/2026

Description

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

Affected packages (2)

Debian/miniupnpcfrom 0, < 1.9.20140610-2.1
Debian/miniupnpcfrom 0, < 1.5-2+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-6031