Bug 907926 (CVE-2023-33476) - <net-misc/minidlna-1.3.3: remote code execution
Alias: CVE-2023-33476
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: B1 [glsa+]
Depends on: 907937
Reported: 2023-06-06 03:53 UTC by John Helmert III
Modified: 2023-11-25 10:23 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-06 03:53:44 UTC

ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write.

Patch is in 1.3.3:
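
Added example, not part of the original report and not the upstream 1.3.3 patch: a bounds-checked decoder for a chunked HTTP body, showing the kind of validation whose absence the description refers to. The function name `decode_chunked` and the in-place decoding design are assumptions made for illustration; every declared chunk size is checked against the bytes actually remaining before any copy.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not MiniDLNA code): decode a chunked HTTP body held in
 * buf[0..len) in place. Returns the decoded length, or -1 if the body is
 * malformed or any chunk size points past the end of the buffer. */
long decode_chunked(char *buf, size_t len)
{
    size_t in = 0, out = 0;

    for (;;) {
        size_t size = 0;
        int digits = 0;

        /* Parse the hex chunk size, rejecting values that cannot fit. */
        while (in < len) {
            int c = (unsigned char)buf[in], v;
            if (c >= '0' && c <= '9') v = c - '0';
            else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
            else if (c >= 'A' && c <= 'F') v = c - 'A' + 10;
            else break;
            /* One more hex digit would exceed len, so stop before it can wrap. */
            if (size > (len >> 4)) return -1;
            size = (size << 4) | (size_t)v;
            digits++; in++;
        }
        if (digits == 0) return -1;

        /* Skip optional chunk extensions up to the CRLF ending the size line. */
        while (in < len && buf[in] != '\r') in++;
        if (len - in < 2 || buf[in] != '\r' || buf[in + 1] != '\n') return -1;
        in += 2;

        if (size == 0) return (long)out;  /* last chunk; trailers are ignored */

        /* Core check: chunk data plus its trailing CRLF must fit in the rest. */
        if (size > len - in || len - in - size < 2) return -1;
        memmove(buf + out, buf + in, size); /* out <= in, so this stays in bounds */
        out += size; in += size;
        if (buf[in] != '\r' || buf[in + 1] != '\n') return -1;
        in += 2;
    }
}
```
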
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-06-06 18:46:26 UTC
cleanup done.
Comment 2 Larry the Git Cow gentoo-dev 2023-11-25 10:21:56 UTC
The bug has been referenced in the following commit(s):

commit 366b6b3c7d9599739538780d8fd82308c8c20893
Author:     GLSAMaker <>
AuthorDate: 2023-11-25 10:21:19 +0000
Commit:     Hans de Graaff <>
CommitDate: 2023-11-25 10:21:47 +0000

    [ GLSA 202311-12 ] MiniDLNA: Multiple Vulnerabilities
    Signed-off-by: GLSAMaker <>
    Signed-off-by: Hans de Graaff <>

 glsa-202311-12.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)