Subject: [ASA-202012-15] minidlna: arbitrary code execution Arch Linux Security Advisory ASA-202012-15 ========================================== Severity: High Date : 2020-12-09 CVE-ID : CVE-2020-28926 Package : minidlna Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1321 Summary ======= The package minidlna before version 1.3.0-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 1.3.0-1. # pacman -Syu "minidlna>=1.3.0-1" The problem has been fixed upstream in version 1.3.0. Workaround ========== None. Description =========== ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. Impact ====== An attacker on the local network can execute arbitrary code via a malicious UPnP HTTP request. References ========== https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/ https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a https://security.archlinux.org/CVE-2020-28926