minidlna: Remote code execution vulnerability (CVE-2020-28926)
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. A malicious UPnP HTTP request sent to the MiniDLNA service using HTTP chunked encoding can trigger a signedness bug, resulting in a buffer overflow in calls to memcpy/memmove.
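The bug class described above, shown as an added illustration that is not MiniDLNA's code and is not taken from the patch: a chunk size held in a signed type passes an upper-bound check when negative, while a strict unsigned parse rejects it. The function names `flawed_accepts` and `parse_chunk_size` and the sample inputs are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Flawed pattern (illustration only, not MiniDLNA's code): the chunk size is
 * held in a signed int, so a negative value passes the upper-bound check and
 * would turn into a huge size_t once passed to memcpy/memmove.
 * Returns 1 when the length is accepted. */
static int flawed_accepts(const char *hex, int remaining)
{
    int len = (int)strtol(hex, NULL, 16);   /* "-1" parses to -1 */
    return len <= remaining;                /* signed compare: -1 passes */
}

/* Hardened parse: hex digits only, unsigned accumulator with overflow check,
 * then a bound check against the bytes actually left in the buffer. */
static int parse_chunk_size(const char *s, size_t remaining, size_t *out)
{
    const char *p = s;
    size_t v = 0;

    for (; isxdigit((unsigned char)*p); p++) {
        unsigned char c = (unsigned char)tolower((unsigned char)*p);
        size_t d = isdigit(c) ? (size_t)(c - '0') : (size_t)(c - 'a' + 10);
        if (v > (SIZE_MAX - d) / 16)
            return -1;                      /* would overflow size_t */
        v = v * 16 + d;
    }
    if (p == s)
        return -1;                          /* no digits: rejects "-1", "+5", "" */
    if (*p != '\r' && *p != ';' && *p != '\0')
        return -1;                          /* junk after the size, e.g. "0x10" */
    if (v > remaining)
        return -1;                          /* larger than the data we hold */
    *out = v;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed sample chunk-size lines. */
    printf("flawed  \"-1\": %s\n", flawed_accepts("-1", 512) ? "accepted" : "rejected");
    printf("checked \"-1\": %s\n", parse_chunk_size("-1", 512, &n) ? "rejected" : "accepted");
    printf("checked \"1f\": %s\n", parse_chunk_size("1f\r\n", 512, &n) ? "rejected" : "accepted");
    return 0;
}
```

Switching to `strtoul` alone would not be enough, since it also accepts a leading minus sign and wraps the result; the digit-only loop is what closes that path.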
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-28926
Patch:
https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a
Affected branches:
- master
- 3.12-stable