CVE-2022-26505
Gentoo Linux Security Advisory 202311-12
0 Exploited in Wild
Decision: -
Descriptions
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server into leaking information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that ReadyMedia incorrectly handled certain HTTP requests using chunked transport encoding. A remote attacker could possibly use this issue to cause buffer overflows, resulting in out-of-bounds reads and writes.
SSVC
- Decision:-
Timeline
- 2022-03-06 CVE Reserved
- 2022-03-06 CVE Published
- 2024-08-03 CVE Updated
- 2025-07-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-290: Authentication Bypass by Spoofing
References (5)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2022/03/06/1 | Mailing List | |
https://lists.debian.org/debian-lts-announce/2022/04/msg00005.html | Mailing List | |
https://www.openwall.com/lists/oss-security/2022/03/03/1 | Mailing List | |

URL | Date | SRC |
---|---|---|
https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940 | 2023-11-25 | |
https://security.gentoo.org/glsa/202311-12 | 2023-11-25 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Readymedia Project | Readymedia | < 1.3.1 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |