CVE-2015-6031
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
Desbordamiento de buffer en la función IGDstartelt en igd_desc_parse.c en el cliente MiniUPnP (también conocido como MiniUPnPc) en versiones anteriores a 1.9.20150917 permite a servidores UPNP remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código arbitrario a través de un nombre de elemento XML 'oversized'.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-08-14 CVE Reserved
- 2015-10-20 CVE Published
- 2024-07-09 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/77306 | Third Party Advisory | |
| https://github.com/miniupnp/miniupnp/blob/master/miniupnpc/Changelog.txt | Third Party Advisory | |
| https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://talosintel.com/reports/TALOS-2015-0035 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2015-11/msg00122.html | 2019-06-18 | |
| http://www.debian.org/security/2015/dsa-3379 | 2019-06-18 | |
| http://www.ubuntu.com/usn/USN-2780-1 | 2019-06-18 | |
| http://www.ubuntu.com/usn/USN-2780-2 | 2019-06-18 | |
| https://security.gentoo.org/glsa/201801-08 | 2019-06-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | <= 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version " <= 1.9" | - |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2014-02-03 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2014-02-05 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2014-05-15 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2014-06-10 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2014-07-01 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2014-09-06 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2014-09-11 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2014-11-05 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2014-11-13 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2014-11-17 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-04-27 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-04-30 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-05-22 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-06-16 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-07-15 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-07-22 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-07-23 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-08-16 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-08-27 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-08-28 |
Affected
| ||||||
| Miniupnp Project Search vendor "Miniupnp Project" | Miniupnpc Search vendor "Miniupnp Project" for product "Miniupnpc" | 1.9 Search vendor "Miniupnp Project" for product "Miniupnpc" and version "1.9" | 2015-09-15 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.1 Search vendor "Opensuse" for product "Leap" and version "42.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||