CVE-2023-33476: ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write. Patch is in 1.3.3: https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/
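As an added illustration (not MiniDLNA's code and not the 1.3.3 patch), this is the shape of the check a chunked-body decoder needs so that an attacker-chosen chunk size is validated against both the remaining input and the caller's buffer before any copy; the decoder and the sample inputs are constructed for this page.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

/* Decode an HTTP/1.1 chunked body from in[0..in_len) into out[0..out_cap).
 * Every chunk size is checked against the remaining output capacity and the
 * remaining input before a single byte is copied.  Returns the number of body
 * bytes written, or -1 if the encoding is malformed, truncated, or would
 * overflow out.  Constructed illustration, not MiniDLNA's parser. */
long decode_chunked(const char *in, size_t in_len, char *out, size_t out_cap)
{
    size_t ip = 0, op = 0;
    for (;;) {
        size_t chunk = 0;
        int digits = 0;
        /* chunk-size line: hex digits, optional ";ext", then CRLF */
        while (ip < in_len && isxdigit((unsigned char)in[ip])) {
            if (++digits > 8)            /* cap at 32 bits: no size_t wraparound */
                return -1;
            int c = (unsigned char)in[ip++];
            chunk = chunk * 16 +
                    (size_t)(isdigit(c) ? c - '0' : tolower(c) - 'a' + 10);
        }
        if (digits == 0)
            return -1;                   /* no size at all */
        while (ip < in_len && in[ip] != '\r')
            ip++;                        /* skip chunk extensions */
        if (ip + 2 > in_len || in[ip] != '\r' || in[ip + 1] != '\n')
            return -1;
        ip += 2;
        if (chunk == 0)
            return (long)op;             /* last-chunk; trailers ignored here */
        /* The validation the advisory describes as incorrect: the attacker-
         * controlled length must fit the remaining input AND the output buffer. */
        if (chunk > in_len - ip || chunk > out_cap - op)
            return -1;
        memcpy(out + op, in + ip, chunk);
        op += chunk;
        ip += chunk;
        if (ip + 2 > in_len || in[ip] != '\r' || in[ip + 1] != '\n')
            return -1;                   /* chunk data must end with CRLF */
        ip += 2;
    }
}
```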
cleanup done.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=366b6b3c7d9599739538780d8fd82308c8c20893

commit 366b6b3c7d9599739538780d8fd82308c8c20893
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 10:21:19 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 10:21:47 +0000

[ GLSA 202311-12 ] MiniDLNA: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/834642
Bug: https://bugs.gentoo.org/907926
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

glsa-202311-12.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)