Vulnerability Details CVE-2017-1000494
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
- https://github.com/miniupnp/miniupnp/issues/268
- https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
- https://usn.ubuntu.com/3562-1/
- https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
- https://github.com/miniupnp/miniupnp/issues/268
- https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
- https://usn.ubuntu.com/3562-1/
Products affected by CVE-2017-1000494
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.0
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.1
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.2
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.3
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.4
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.5
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.6
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.7
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.8
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.8.20130207
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.9