PT-2023-24351 · Unknown+3 · Readymedia+3

Hyprdudemellow-Hypehypr

Published: 2020-12-10 · Updated: 2025-01-08 · CVE-2023-33476

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ReadyMedia (MiniDLNA) versions 1.1.15 through 1.3.2

Description: The issue is caused by incorrect validation logic when handling HTTP requests that use chunked transfer encoding. Code that runs later then uses attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in an out-of-bounds read/write. The vulnerability can be exploited for remote code execution.

Recommendations: For ReadyMedia (MiniDLNA) versions 1.1.15 through 1.3.2, update to a version that fixes the buffer overflow issue. As a temporary workaround, consider restricting access to HTTP requests that use chunked transfer encoding until a patch is available.

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related identifiers

ALT-PU-2020-3483
ALT-PU-2022-1492
ALT-PU-2023-1921
ALT-PU-2024-3412
ALT-PU-2024-4163
CVE-2023-33476
DLA-3465-1
DSA-5434-1
MGASA-2023-0224
OPENSUSE-SU-2024:0093-1
OPENSUSE-SU-2024:14011-1
USN-6398-1

Affected products

Alt Linux
Linuxmint
Readymedia
Ubuntu