Headline
CVE-2023-33476: ReadyMedia
ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable to a buffer overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. As a result, later code uses attacker-controlled chunk values that exceed the length of the allocated buffer, leading to out-of-bounds reads and writes.
ReadyMedia (formerly known as MiniDLNA) is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients. It was originally developed by a NETGEAR employee for the ReadyNAS product line.
It is not in any way endorsed by the Digital Living Network Alliance®.
License: GNU General Public License version 2.0 (GPLv2)
User Ratings
4.8 out of 5 stars
ease: 4 / 5
features: 4 / 5
design: 4 / 5
support: 4 / 5
User Reviews
Convenient and easy to use.
No binaries in the download!!
1 user found this review helpful.
Works, and works well. Very happy it’s still maintained.
I have tried Twonky, Mediatomb, Kodi, Plex, Universal Media Server. Nothing is as bug-free, tight and efficient as ReadyMedia.
Additional Project Details
Operating Systems: Linux
Intended Audience: Advanced End Users
User Interface: Non-interactive (Daemon)
Programming Language: C
2008-10-22
Related news
Gentoo Linux Security Advisory 202311-12 - Multiple vulnerabilities have been discovered in MiniDLNA, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.3 are affected.
Ubuntu Security Notice 6398-1 - It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server to leak information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that ReadyMedia incorrectly handled certain HTTP requests using chunked transport encoding. A remote attacker could possibly use this issue to cause buffer overflows, resulting in out-of-bounds reads and writes.
Debian Linux Security Advisory 5434-1 - A heap-based buffer overflow vulnerability was found in the HTTP chunk parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may result in denial of service or the execution of arbitrary code.