Fluid Attacks Database

Description

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	miniupnpc	>=0 <1.6-4	1.6-4
debian 12	miniupnpc	>=0 <1.6-4	1.6-4
debian 14	miniupnpc	>=0 <1.6-4	1.6-4
debian 13	miniupnpc	>=0 <1.6-4	1.6-4

Aliases

1. CVE-2014-39852. NVD-2014-39853. OSV-DEBIAN-2014-39854. OSV-2014-39855. SECURITY-TRACKER-CVE-2014-3985

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.