Base Score

MEDIUM5.5

CVE-2016-3179

The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling.

VectorLOCAL

Published Bycve@mitre.org

Published DateMar 24, 2017, 15:59

Weakness Type (CWE):CWE-416

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
http://www.openwall.com/lists/oss-security/2016/03/16/13
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759
https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a

Base Score

MEDIUM5.5

Weakness Type (CWE):CWE-416

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH