Vulnerability Description
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miniupnp Project | Miniupnpd | < 2.0 |
Related Weaknesses (CWE)
References
- https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7Patch
- https://github.com/miniupnp/miniupnp/issues/268ExploitIssue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
- https://usn.ubuntu.com/3562-1/
- https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7Patch
- https://github.com/miniupnp/miniupnp/issues/268ExploitIssue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
- https://usn.ubuntu.com/3562-1/
FAQ
What is CVE-2017-1000494?
CVE-2017-1000494 is a vulnerability with a CVSS score of 7.8 (HIGH). Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or po...
How severe is CVE-2017-1000494?
CVE-2017-1000494 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-1000494?
Check the references section above for vendor advisories and patch information. Affected products include: Miniupnp Project Miniupnpd.