CVE-2014-3985 Common Vulnerabilities and Exposures

Upstream information

CVE-2014-3985 at MITRE

Description

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entry: 881990 [VERIFIED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2014:0815-1

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Leap 15.0	`libminiupnpc16 >= 2.0.20171102-lp150.1.11`	Patchnames: openSUSE Leap 15.0 GA libminiupnpc16-2.0.20171102-lp150.1.11
openSUSE Leap 15.2	`libminiupnpc16 >= 2.0.20171102-lp152.3.3`	Patchnames: openSUSE Leap 15.2 GA libminiupnpc16-2.0.20171102-lp152.3.24
openSUSE Leap 15.3	`libminiupnpc16 >= 2.0.20171102-bp153.1.39`	Patchnames: openSUSE Leap 15.3 GA libminiupnpc16-2.0.20171102-bp153.1.39
openSUSE Tumbleweed	`libminiupnpc-devel >= 2.0-1.5` `libminiupnpc16 >= 2.0-1.5` `libminiupnpc16-32bit >= 2.0-1.5` `miniupnpc >= 2.0-1.5` `python-miniupnpc >= 2.0-1.5`	Patchnames: openSUSE-Tumbleweed-2024-10434

SUSE Timeline for this CVE

CVE page created: Tue Jun 10 01:16:35 2014
CVE page last modified: Sat Jun 15 22:16:46 2024