CVE-2020-28926 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1321	minidlna	1.2.1-5	1.3.0-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
09 Dec 2020	ASA-202012-15	AVG-1321	minidlna	High	arbitrary code execution

References
https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/ https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a