CVE-2015-6031

Severity CVSS v4.0:
Pending analysis
Type:
CWE-119 Buffer Errors
Publication date:
02/11/2015
Last modified:
12/04/2025

Description

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:miniupnp_project:miniupnpc:*:*:*:*:*:*:*:* 1.9 (including)
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-02-03:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-02-05:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-05-15:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-06-10:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-07-01:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-09-06:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-09-11:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-11-05:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-11-13:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2014-11-17:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-04-27:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-04-30:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-05-22:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpc:1.9:2015-06-16:*:*:*:*:*:*