{"id":"USN-6398-1","summary":"minidlna vulnerabilities","details":"It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks.\nA remote attacker could possibly use this issue to trick the local DLNA\nserver into leaking information. This issue only affected Ubuntu 16.04 LTS,\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-26505)\n\nIt was discovered that ReadyMedia incorrectly handled certain HTTP requests\nusing chunked transfer encoding. A remote attacker could possibly use this\nissue to cause buffer overflows, resulting in out-of-bounds reads and writes.\n(CVE-2023-33476)\n","modified":"2026-05-20T16:03:33.396052908Z","published":"2023-09-27T09:39:41Z","related":["UBUNTU-CVE-2022-26505","UBUNTU-CVE-2023-33476"],"upstream":["CVE-2022-26505","CVE-2023-33476","UBUNTU-CVE-2022-26505","UBUNTU-CVE-2023-33476"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6398-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-26505"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-33476"}],"affected":[{"package":{"name":"minidlna","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/minidlna?arch=source&distro=esm-infra-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.5+dfsg-2ubuntu0.1+esm1"}]}],"versions":["1.1.4+dfsg-4build1","1.1.5+dfsg-1","1.1.5+dfsg-2","1.1.5+dfsg-2ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro","binaries":[{"binary_name":"minidlna","binary_version":"1.1.5+dfsg-2ubuntu0.1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6398-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"minidlna","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/minidlna?arch=source&distro=esm-apps%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.1+dfsg-1ubuntu0.18.04.1+esm1"}]}],"versions":["1.2.0+dfsg-2","1.2.1+dfsg-1","1.2.1+dfsg-1ubuntu0.18.04.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.2.1+dfsg-1ubuntu0.18.04.1+esm1","binary_name":"minidlna"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6398-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-26505"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-33476"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"minidlna","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/minidlna?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.1+dfsg-1ubuntu0.20.04.2"}]}],"versions":["1.2.1+dfsg-1build1","1.2.1+dfsg-1ubuntu0.20.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"minidlna","binary_version":"1.2.1+dfsg-1ubuntu0.20.04.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6398-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-26505"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-33476"}],"ecosystem":"Ubuntu:20.04:LTS"}}},{"package":{"name":"minidlna","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/minidlna?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0+dfsg-2.1ubuntu0.1"}]}],"versions":["1.3.0+dfsg-2","1.3.0+dfsg-2.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.3.0+dfsg-2.1ubuntu0.1","binary_name":"minidlna"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6398-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-26505"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-33476"}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.5"}