PT-2015-7119 · Miniupnp+2 · Miniupnpc+2

Aleksandar Nikolic · Published 2015-10-16 · Updated 2025-03-10 · CVE-2015-6031

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: MiniUPnP client (aka MiniUPnPc) versions prior to 1.9.20150917
Description: The issue is related to a buffer overflow in the IGDstartelt function in igd_desc_parse.c. This allows remote UPNP servers to potentially cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
Recommendations: For versions prior to 1.9.20150917, update to version 1.9.20150917 or later to resolve the issue. As a temporary workaround, consider restricting access to the MiniUPnP client to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2016-3253
CVE-2015-6031
DSA-3379-1
MGASA-2015-0416
USN-2780-1
USN-2780-2

Affected Products

Alt Linux
Miniupnpc
Ubuntu