Fluid Attacks Database

Description

Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 12	minidlna	=1.3.0+dfsg-2.2 \|\| =1.3.0+dfsg-2.2+deb12u1 \|\| =1.3.2+dfsg-1 \|\| =1.3.2+dfsg-1.1 \|\| =1.3.3+dfsg-0.1 \|\| =1.3.3+dfsg-0.2 \|\| =1.3.3+dfsg-1 \|\| =1.3.3+dfsg-1.1
debian 14	minidlna	=1.3.3+dfsg-1.1
debian 13	minidlna	=1.3.3+dfsg-1.1
debian 11	minidlna	=1.3.0+dfsg-2 \|\| =1.3.0+dfsg-2+deb11u1 \|\| =1.3.0+dfsg-2+deb11u2 \|\| =1.3.0+dfsg-2.1 \|\| =1.3.0+dfsg-2.2 \|\| =1.3.2+dfsg-1 \|\| =1.3.2+dfsg-1.1 \|\| =1.3.3+dfsg-0.1 \|\| =1.3.3+dfsg-0.2 \|\| =1.3.3+dfsg-1 \|\| =1.3.3+dfsg-1.1

Aliases

1. CVE-2024-514422. NVD-2024-514423. OSV-DEBIAN-2024-514424. OSV-2024-514425. SECURITY-TRACKER-CVE-2024-51442

References

1. https://github.com/mselbrede/CVE-2024-51442

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.