{"id":"CVE-2015-6031","details":"Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an \"oversized\" XML element name.","modified":"2026-04-16T06:23:54.382529126Z","published":"2015-11-02T19:59:14Z","references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2015-11/msg00122.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3379"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/77306"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2780-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2780-2"},{"type":"ADVISORY","url":"https://github.com/miniupnp/miniupnp/blob/master/miniupnpc/Changelog.txt"},{"type":"ADVISORY","url":"https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201801-08"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-updates/2015-11/msg00122.html"},{"type":"EVIDENCE","url":"http://talosintel.com/reports/TALOS-2015-0035/"}],"schema_version":"1.7.5"}