PT-2013-2173 · Miniupnp · Miniupnpd

Bga

Published

2013-01-31

Updated

2016-12-08

CVE-2013-0230

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MiniUPnPd version 1.0

Description The issue is related to a stack-based buffer overflow in the ExecuteSoapAction function, which is part of the SOAPAction handler in the HTTP service. This allows remote attackers to execute arbitrary code by sending a long quoted method.

Recommendations For MiniUPnPd version 1.0, consider disabling the ExecuteSoapAction function as a temporary workaround until a patch is available. Restrict access to the SOAPAction handler in the HTTP service to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2013-0230

Affected Products

Miniupnpd

PT-2013-2173 · Miniupnp · Miniupnpd

CVE-2013-0230

Weakness Enumeration

Related Identifiers

Affected Products

References · 10