A buffer overflow in MiniUPnPc might allow remote attackers to cause a Denial of Service condition.
|Package||net-libs/miniupnpc on all architectures|
|Affected versions||< 1.9.20150427|
|Unaffected versions||>= 1.9.20150427|
UPnP client library and a simple UPnP client.
An out-of-bounds read was discovered in the getHTTPResponse function in miniwget.c in MiniUPnPc.
Remote attackers, through specially crafted headers, could cause a Denial of Service condition.
There is no known workaround at this time.
All MiniUPnPc users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/miniupnpc-1.9.20150427"
January 17, 2017
January 17, 2017: 01