QwikSec

Security Database

CVE

CWE

Training

CVE-2020-28926

Published: Nov 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://sourceforge.net/projects/minidlna/

x_refsource_MISC

https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.