ArchLinux: 202012-15: minidlna: arbitrary code execution
Summary
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
Resolution
Upgrade to 1.3.0-1.
# pacman -Syu "minidlna>=1.3.0-1"
The problem has been fixed upstream in version 1.3.0.
References
https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/ https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a https://security.archlinux.org/CVE-2020-28926
Workaround
None.