| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Arbitrary code execution |
|
| Description |
| + |
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. |
|
| References |
| + |
https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/ |
| + |
https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a |
|
| Notes |
|