{"id":"CVE-2016-3178","details":"The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value.","modified":"2026-04-11T04:02:07.889503Z","published":"2017-03-24T15:59:00.607Z","references":[{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/03/16/13"},{"type":"FIX","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759"},{"type":"FIX","url":"https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47"},{"type":"FIX","url":"http://speirofr.appspot.com/files/advisory/SPADV-2016-02.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miniupnp/miniupnp","events":[{"introduced":"0"},{"fixed":"b238cade9a173c6f751a34acf8ccff838a62aa47"}]},{"type":"GIT","repo":"https://github.com/miniupnp/miniupnp","events":[{"introduced":"0"},{"fixed":"b238cade9a173c6f751a34acf8ccff838a62aa47"}]}],"versions":["minissdpd_1_2","minissdpd_1_5","miniupnpc_1_7","miniupnpc_1_8","miniupnpd_1_7","miniupnpd_1_8"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:02:07Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3178.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["271705968983326198527344481156025572252","311138320444226240842718750159299324115","48831971506792003391374361445759137854","249106154199801182541337422251164732275","239372940993767629734199199295738605984","129190221767351612127699417407813205499","275391632915230211902828655238730983780","11011257688300972731883373055903389614","78139704757980325718552533253965159224"]},"deprecated":false,"id":"CVE-2016-3178-2019a8f5","target":{"file":"minissdpd/testminissdpd.c"},"signature_type":"Line","source":"https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["225366402492563976722727759687594728432","129704850763359391866335628783009421454","261539452354901069119561217037235974107","286652372457417456509863638449404217547","178645261454751269467054911217165487177","30736620676179062934593032749112287503","214806284094370349156213403581832830820","84143539288615570619654571005036051401","48983894664442571400273546382283801770","177521571461712899005427746583083450099","100010788967609104911809630501747680585","84143539288615570619654571005036051401","48983894664442571400273546382283801770","158330043051446992578333292864592266968","100010788967609104911809630501747680585","84143539288615570619654571005036051401","48983894664442571400273546382283801770"]},"deprecated":false,"id":"CVE-2016-3178-65b62637","target":{"file":"minissdpd/minissdpd.c"},"signature_type":"Line","source":"https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47","signature_version":"v1"},{"digest":{"length":3518,"function_hash":"313916193225476497303930420535499900034"},"deprecated":false,"id":"CVE-2016-3178-d6a008b9","target":{"function":"main","file":"minissdpd/testminissdpd.c"},"signature_type":"Function","source":"https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47","signature_version":"v1"},{"digest":{"length":7361,"function_hash":"7502532630528395280715097097509639945"},"deprecated":false,"id":"CVE-2016-3178-d99c6588","target":{"function":"processRequest","file":"minissdpd/minissdpd.c"},"signature_type":"Function","source":"https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47","signature_version":"v1"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.2.20130907-3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}