PT-2023-24351 · Unknown+3 · Readymedia+3

Hyprdudemellow-Hypehypr

Published: 2020-12-10 · Updated: 2025-01-08 · CVE-2023-33476

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ReadyMedia (MiniDLNA) versions 1.1.15 through 1.3.2

Description: The issue is caused by incorrect validation logic when handling HTTP requests that use chunked transfer encoding. As a result, later code uses attacker-controlled chunk size values that exceed the length of the allocated buffer, leading to an out-of-bounds read/write. The vulnerability can be exploited for remote code execution.

Recommendations: For ReadyMedia (MiniDLNA) versions 1.1.15 through 1.3.2, update to a version that fixes the buffer overflow issue. As a temporary workaround, consider restricting HTTP requests that use chunked transfer encoding until a patch is available.
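
The class of check the description refers to, as an added example (not ReadyMedia's code or its patch): a chunked-body decoder that treats every declared chunk size as untrusted and validates it against both the bytes actually received and the space left in the destination buffer. The function names and the choice to reject chunk extensions and ignore trailers are assumptions made for this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Parse a hex chunk-size line terminated by CRLF. Returns 0 and advances *pos,
   or -1 on malformed input. Chunk extensions (";name=value") are rejected. */
static int parse_chunk_size(const char *in, size_t in_len, size_t *pos, size_t *size)
{
    size_t v = 0, digits = 0, p = *pos;
    for (; p < in_len; p++, digits++) {
        char c = in[p];
        unsigned d;
        if (c >= '0' && c <= '9') d = (unsigned)(c - '0');
        else if (c >= 'a' && c <= 'f') d = (unsigned)(c - 'a' + 10);
        else if (c >= 'A' && c <= 'F') d = (unsigned)(c - 'A' + 10);
        else break;
        if (v > ((size_t)-1 >> 4)) return -1;   /* next shift would overflow size_t */
        v = (v << 4) | d;
    }
    if (digits == 0 || in_len - p < 2 || in[p] != '\r' || in[p + 1] != '\n')
        return -1;
    *pos = p + 2;
    *size = v;
    return 0;
}

/* Decode a complete chunked body from in[0..in_len) into out[0..out_cap).
   Returns 0 and sets *out_len on success, -1 if the request must be rejected.
   Trailer fields after the last chunk are not parsed. */
int decode_chunked(const char *in, size_t in_len, char *out, size_t out_cap, size_t *out_len)
{
    size_t pos = 0, written = 0, size;
    for (;;) {
        if (parse_chunk_size(in, in_len, &pos, &size) != 0) return -1;
        if (size == 0) break;                    /* last-chunk marker */
        /* Declared size must fit the received data plus its trailing CRLF. */
        if (in_len - pos < 2 || size > in_len - pos - 2) return -1;
        /* Declared size must fit the remaining output space. */
        if (size > out_cap - written) return -1;
        memcpy(out + written, in + pos, size);
        written += size;
        pos += size;
        if (in[pos] != '\r' || in[pos + 1] != '\n') return -1;
        pos += 2;
    }
    *out_len = written;
    return 0;
}
```

Both comparisons are written as subtractions on the known-good side (`in_len - pos - 2`, `out_cap - written`) so that a very large declared size cannot wrap the arithmetic and slip past the check.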

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3483
ALT-PU-2022-1492
ALT-PU-2023-1921
ALT-PU-2024-3412
ALT-PU-2024-4163
CVE-2023-33476
DLA-3465-1
DSA-5434-1
MGASA-2023-0224
OPENSUSE-SU-2024:0093-1
OPENSUSE-SU-2024:14011-1
USN-6398-1

Affected Products

Alt Linux
Linuxmint
Readymedia
Ubuntu