CVE-2013-1462

Name of the Vulnerable Software and Affected Versions MiniUPnPd version 1.0

Description The issue is related to an integer signedness error in the ExecuteSoapAction function within the SOAPAction handler of the HTTP service. This error can be triggered by a remote attacker sending a SOAPAction header without a double quote character, leading to a denial of service due to incorrect memory copy.

Recommendations For MiniUPnPd version 1.0, consider restricting access to the SOAPAction handler until a patch is available. As a temporary workaround, avoid using the ExecuteSoapAction function with unvalidated input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.