CVE-2020-28926
- Source
- https://cve.org/CVERecord?id=CVE-2020-28926
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28926.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-28926
- Downstream
- Related
- Published
- 2020-11-30T18:15:11.473Z
- Modified
- 2026-02-14T07:27:24.831630Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
- References
-
- https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html
- https://sourceforge.net/projects/minidlna/
- https://www.debian.org/security/2020/dsa-4806
- https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/
- https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html
- https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/
Affected packages
Git / gitlab.freedesktop.org/virgl/virglrenderer
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.freedesktop.org/virgl/virglrenderer
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.10.0
0.10.1
0.10.3
0.10.4
0.8.2
0.9.0
1.*
1.0.0
1.0.1
1.1.0
1.1.1
1.2.0
virglrenderer-0.*
virglrenderer-0.10.0
virglrenderer-0.10.1
virglrenderer-0.10.3
virglrenderer-0.10.4
virglrenderer-0.2.0
virglrenderer-0.4.0
virglrenderer-0.5.0
virglrenderer-0.6.0
virglrenderer-0.7.0
virglrenderer-0.8.0
virglrenderer-0.8.1
virglrenderer-0.8.2
virglrenderer-0.9.0
virglrenderer-1.*
virglrenderer-1.0.0
virglrenderer-1.0.1
virglrenderer-1.1.0
virglrenderer-1.1.1
virglrenderer-1.2.0