CVE-2017-8798 in miniupnpc (Alpine package)

Published: 2017-10-10

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2017-8798
CWE-ID	N/A
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	miniupnpc (Alpine package) Operating systems & Components / Operating system package or component
Vendor	Alpine Linux Development Team

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) CVE-2017-8798

EUVDB-ID: #VU6705

Risk: Medium

CVSSv4.0: N/A

CVE-ID: CVE-2017-8798

CWE-ID: N/A

Exploit availability: Yes

Description

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

Mitigation

Install update from vendor's website.

Vulnerable software versions

miniupnpc (Alpine package): 2.0-r0

CPE2.3

cpe:2.3:a:alpine:miniupnpc_alpine_package:2.0-r0:*:*:*:*:alpine_linux:*:3.5

External links

https://git.alpinelinux.org/aports/commit/?id=ee83a9f5e06113058344dc3cc3160c26a595df6c

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.