Bugzilla – Bug 950759
VUL-0: CVE-2015-6031: miniupnpc: xml parser buffer overflow
Last modified: 2015-11-21 13:11:33 UTC
http://talosintel.com/reports/TALOS-2015-0035/

An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability.

https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78

No upstream release with that fix yet.

Affects openSUSE 13.1, openSUSE 13.2, Leap 42.1

References:
http://talosintel.com/reports/TALOS-2015-0035/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6031
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6031.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6031
bugbot adjusting priority
releasing
openSUSE-SU-2015:2070-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 950759
CVE References: CVE-2015-6031
Sources used:
openSUSE Leap 42.1 (src): miniupnpc-1.9-6.1
openSUSE 13.2 (src): miniupnpc-1.9-2.3.1
openSUSE 13.1 (src): miniupnpc-1.9-2.7.1