{"id":"CVE-2017-1000494","details":"Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd \u003c 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact","modified":"2026-04-16T06:19:41.013297736Z","published":"2018-01-03T14:29:00.207Z","related":["openSUSE-SU-2024:11052-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html"},{"type":"WEB","url":"https://usn.ubuntu.com/3562-1/"},{"type":"REPORT","url":"https://github.com/miniupnp/miniupnp/issues/268"},{"type":"FIX","url":"https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miniupnp/miniupnp","events":[{"introduced":"0"},{"fixed":"1337158fcff401def996e211d5940c9f74f92b51"},{"fixed":"7aeb624b44f86d335841242ff427433190e7168a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0"}]}}],"versions":["minissdpd_1_2","minissdpd_1_4","minissdpd_1_5","miniupnpc_1_7","miniupnpc_1_8","miniupnpc_1_9","miniupnpd_1_7","miniupnpd_1_8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000494.json","vanir_signatures_modified":"2026-04-11T04:47:16Z","vanir_signatures":[{"deprecated":false,"signature_version":"v1","id":"CVE-2017-1000494-0028e4cb","source":"https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["295173951254985634630528692948262536807","302691202603259665647814171628490788660","339918680354464953709328104745597028315","134829993335106447834005112284048797659","286594902080535976206784969442148156809","292240683174142518075509021281711160055","205837347905517485042540461196658938952"]},"target":{"file":"miniupnpd/upnpreplyparse.c"}},{"deprecated":false,"target":{"file":"miniupnpc/upnpreplyparse.c"},"id":"CVE-2017-1000494-4d314017","source":"https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["295173951254985634630528692948262536807","302691202603259665647814171628490788660","339918680354464953709328104745597028315","134829993335106447834005112284048797659","286594902080535976206784969442148156809","292240683174142518075509021281711160055","205837347905517485042540461196658938952"]},"signature_type":"Line"},{"deprecated":false,"digest":{"function_hash":"86819483534247848623941153745861285367","length":416},"id":"CVE-2017-1000494-729f7fcc","source":"https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a","target":{"file":"miniupnpc/upnpreplyparse.c","function":"ParseNameValue"},"signature_version":"v1","signature_type":"Function"},{"deprecated":false,"target":{"file":"miniupnpd/upnpreplyparse.c","function":"ParseNameValue"},"id":"CVE-2017-1000494-b3c5b781","source":"https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a","signature_version":"v1","digest":{"function_hash":"86819483534247848623941153745861285367","length":416},"signature_type":"Function"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}