Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201510-11 ========================================= Severity: Critical Date : 2015-10-18 CVE-ID : CVE-2015-6031 Package : miniupnpc Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package miniupnpc before version 1.9.20151008-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 1.9.20151008-1. # pacman -Syu "miniupnpc>=1.9.20151008-1" The problem has been fixed upstream but no release is available. Workaround ========= None. Description ========== An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability. Impact ===== A remote attacker is able to create a specially crafted XML response on a server set up on the local network to execute arbitrary code on the client. References ========= https://talosintelligence.com/vulnerability_reports/TALOS-2015-0035/ https://www.cve.org/CVERecord?id=CVE-2015-6031 https://bugs.archlinux.org/task/46612