FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
06fefd2f-728f-11e5-a371-14dae9d210b8	miniupnpc -- buffer overflow Talos reports: An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability. Discovery 2015-09-15 Entry 2015-10-14 Modified 2015-10-14 miniupnpc ge 1.9.1 lt 1.9.20150917 < 1.9_1 CVE-2015-6031 http://talosintel.com/reports/TALOS-2015-0035/ https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
da1d5d2e-3eca-11e7-8861-0018fe623f2b	miniupnpc -- integer signedness error Tintinweb reports: An integer signedness error was found in miniupnp's miniwget allowing an unauthenticated remote entity typically located on the local network segment to trigger a heap corruption or an access violation in miniupnp's http response parser when processing a specially crafted chunked-encoded response to a request for the xml root description url. Discovery 2017-05-09 Entry 2017-05-22 miniupnpc < 2.0.20170509 CVE-2017-8798 https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798

VuXML ID

Description

06fefd2f-728f-11e5-a371-14dae9d210b8

miniupnpc -- buffer overflow

Talos reports:

An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability.

Discovery 2015-09-15
Entry 2015-10-14
Modified 2015-10-14
miniupnpc

ge 1.9.1 lt 1.9.20150917

< 1.9_1

CVE-2015-6031
http://talosintel.com/reports/TALOS-2015-0035/
https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78

da1d5d2e-3eca-11e7-8861-0018fe623f2b

miniupnpc -- integer signedness error

Tintinweb reports:

An integer signedness error was found in miniupnp's miniwget allowing an unauthenticated remote entity typically located on the local network segment to trigger a heap corruption or an access violation in miniupnp's http response parser when processing a specially crafted chunked-encoded response to a request for the xml root description url.

Discovery 2017-05-09
Entry 2017-05-22
miniupnpc

< 2.0.20170509

CVE-2017-8798
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798