UBUNTU-CVE-2023-33476

See a problem?
Source
https://ubuntu.com/security/CVE-2023-33476
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-33476.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-33476
Related
Published
2023-06-02T14:15:00Z
Modified
2023-06-02T14:15:00Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write.

References

Affected packages

Ubuntu:Pro:16.04:LTS / minidlna

Package

Name
minidlna
Purl
pkg:deb/ubuntu/minidlna?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.5+dfsg-2ubuntu0.1+esm1

Affected versions

1.*

1.1.4+dfsg-4build1
1.1.5+dfsg-1
1.1.5+dfsg-2
1.1.5+dfsg-2ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.5+dfsg-2ubuntu0.1+esm1",
            "binary_name": "minidlna"
        },
        {
            "binary_version": "1.1.5+dfsg-2ubuntu0.1+esm1",
            "binary_name": "minidlna-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / minidlna

Package

Name
minidlna
Purl
pkg:deb/ubuntu/minidlna?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.1+dfsg-1ubuntu0.18.04.1+esm1

Affected versions

1.*

1.2.0+dfsg-2
1.2.1+dfsg-1
1.2.1+dfsg-1ubuntu0.18.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.2.1+dfsg-1ubuntu0.18.04.1+esm1",
            "binary_name": "minidlna"
        },
        {
            "binary_version": "1.2.1+dfsg-1ubuntu0.18.04.1+esm1",
            "binary_name": "minidlna-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / minidlna

Package

Name
minidlna
Purl
pkg:deb/ubuntu/minidlna?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.1+dfsg-1ubuntu0.20.04.2

Affected versions

1.*

1.2.1+dfsg-1build1
1.2.1+dfsg-1ubuntu0.20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.2.1+dfsg-1ubuntu0.20.04.2",
            "binary_name": "minidlna"
        },
        {
            "binary_version": "1.2.1+dfsg-1ubuntu0.20.04.2",
            "binary_name": "minidlna-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / minidlna

Package

Name
minidlna
Purl
pkg:deb/ubuntu/minidlna?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0+dfsg-2.1ubuntu0.1

Affected versions

1.*

1.3.0+dfsg-2
1.3.0+dfsg-2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.3.0+dfsg-2.1ubuntu0.1",
            "binary_name": "minidlna"
        },
        {
            "binary_version": "1.3.0+dfsg-2.1ubuntu0.1",
            "binary_name": "minidlna-dbgsym"
        }
    ]
}