rpm package
suse/minidlna&distro=SUSE Package Hub 15 SP2
pkg:rpm/suse/minidlna&distro=SUSE%20Package%20Hub%2015%20SP2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-28926 | — | < 1.3.0-bp152.4.3.1 | 1.3.0-bp152.4.3.1 | Nov 30, 2020 | ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. | ||
| CVE-2020-12695 | — | < 1.3.0-bp152.4.3.1 | 1.3.0-bp152.4.3.1 | Jun 8, 2020 | The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. |
- CVE-2020-28926Nov 30, 2020affected < 1.3.0-bp152.4.3.1fixed 1.3.0-bp152.4.3.1
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
- CVE-2020-12695Jun 8, 2020affected < 1.3.0-bp152.4.3.1fixed 1.3.0-bp152.4.3.1
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.