CVE-2014-3985 - The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial

CVE-2014-3985

Summary

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.

References

Vulnerable Configurations

cpe:2.3:a:miniupnp_project:miniupnp:1.9:*:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnp:1.9:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 28-09-2020 - 14:57)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	67152
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=1085618 https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
gentoo	GLSA-201701-41
mlist	[oss-security] 20140430 CVE request: possible miniupnpc buffer overflow [oss-security] 20140606 Re: CVE request: possible miniupnpc buffer overflow
suse	openSUSE-SU-2014:0815

Last major update

28-09-2020 - 14:57

Published

11-09-2014 - 18:55

Last modified

28-09-2020 - 14:57