CVE-2017-1000494

Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact

References

Affected packages

Git / github.com/miniupnp/miniupnp

Affected ranges

Type: GIT
Repo: https://github.com/miniupnp/miniupnp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7aeb624b44f86d335841242ff427433190e7168a

Affected versions

Other

minissdpd_1_2

minissdpd_1_4

minissdpd_1_5

miniupnpc_1_7

miniupnpc_1_8

miniupnpc_1_9

miniupnpc_2_0

miniupnpd_1_7

miniupnpd_1_8

miniupnpd_1_9

miniupnpd_2_0

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "target": {
            "file": "miniupnpd/upnpreplyparse.c"
        },
        "source": "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a",
        "deprecated": false,
        "id": "CVE-2017-1000494-0028e4cb",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "295173951254985634630528692948262536807",
                "302691202603259665647814171628490788660",
                "339918680354464953709328104745597028315",
                "134829993335106447834005112284048797659",
                "286594902080535976206784969442148156809",
                "292240683174142518075509021281711160055",
                "205837347905517485042540461196658938952"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "miniupnpc/upnpreplyparse.c"
        },
        "source": "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a",
        "deprecated": false,
        "id": "CVE-2017-1000494-4d314017",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "295173951254985634630528692948262536807",
                "302691202603259665647814171628490788660",
                "339918680354464953709328104745597028315",
                "134829993335106447834005112284048797659",
                "286594902080535976206784969442148156809",
                "292240683174142518075509021281711160055",
                "205837347905517485042540461196658938952"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "ParseNameValue",
            "file": "miniupnpc/upnpreplyparse.c"
        },
        "source": "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a",
        "deprecated": false,
        "id": "CVE-2017-1000494-729f7fcc",
        "signature_version": "v1",
        "digest": {
            "length": 416.0,
            "function_hash": "86819483534247848623941153745861285367"
        }
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "ParseNameValue",
            "file": "miniupnpd/upnpreplyparse.c"
        },
        "source": "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a",
        "deprecated": false,
        "id": "CVE-2017-1000494-b3c5b781",
        "signature_version": "v1",
        "digest": {
            "length": 416.0,
            "function_hash": "86819483534247848623941153745861285367"
        }
    }
]