CVE-2023-33476 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-33476 Interim 1 6 2025-02-16T02:12:46Z current 2024-03-27T00:14:40Z 2025-02-16T02:12:46Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-33476 ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MJXNSM22S74GJOPTE62NPG75AN32GT4P/ E-Mail link for openSUSE-SU-2024:0093-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP5 openSUSE Leap 15.5 openSUSE Tumbleweed minidlna-1.3.3-2.1 minidlna-1.3.3-bp155.2.3.1 minidlna-1.3.3-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 minidlna-1.3.3-bp155.2.3.1 as a component of openSUSE Leap 15.5 minidlna-1.3.3-2.1 as a component of openSUSE Tumbleweed ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write. CVE-2023-33476 SUSE Package Hub 15 SP5:minidlna-1.3.3-bp155.2.3.1 openSUSE Leap 15.5:minidlna-1.3.3-bp155.2.3.1 openSUSE Tumbleweed:minidlna-1.3.3-2.1 critical 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H