{"id":"CVE-2016-3178","details":"The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value.","modified":"2026-05-18T12:49:31.116834Z","published":"2017-03-24T15:59:00.607Z","database_specific":{"unresolved_ranges":[{"vendor_product":"miniupnp_project:minissdpd","extracted_events":[{"last_affected":"1.2.20130907-3"}],"source":"CPE_FIELD","cpes":["cpe:2.3:a:miniupnp_project:minissdpd:1.2.20130907-3:*:*:*:*:*:*:*"]}]},"references":[{"type":"FIX","url":"http://speirofr.appspot.com/files/advisory/SPADV-2016-02.md"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/03/16/13"},{"type":"FIX","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759"},{"type":"FIX","url":"https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miniupnp/miniupnp","events":[{"introduced":"0"},{"fixed":"b238cade9a173c6f751a34acf8ccff838a62aa47"}],"database_specific":{"source":"REFERENCES"}}],"versions":["minissdpd_1_5","miniupnpd_1_8","miniupnpc_1_8","miniupnpd_1_7","minissdpd_1_2","miniupnpc_1_7"],"database_specific":{"vanir_signatures_modified":"2026-05-18T12:49:31Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3178.json","vanir_signatures":[{"target":{"file":"minissdpd/testminissdpd.c"},"id":"CVE-2016-3178-2019a8f5","signature_type":"Line","deprecated":false,"source":"https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["271705968983326198527344481156025572252","311138320444226240842718750159299324115","48831971506792003391374361445759137854","249106154199801182541337422251164732275","239372940993767629734199199295738605984","129190221767351612127699417407813205499","275391632915230211902828655238730983780","11011257688300972731883373055903389614","78139704757980325718552533253965159224"]}},{"target":{"file":"minissdpd/minissdpd.c"},"id":"CVE-2016-3178-65b62637","signature_type":"Line","deprecated":false,"source":"https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["225366402492563976722727759687594728432","129704850763359391866335628783009421454","261539452354901069119561217037235974107","286652372457417456509863638449404217547","178645261454751269467054911217165487177","30736620676179062934593032749112287503","214806284094370349156213403581832830820","84143539288615570619654571005036051401","48983894664442571400273546382283801770","177521571461712899005427746583083450099","100010788967609104911809630501747680585","84143539288615570619654571005036051401","48983894664442571400273546382283801770","158330043051446992578333292864592266968","100010788967609104911809630501747680585","84143539288615570619654571005036051401","48983894664442571400273546382283801770"]}},{"target":{"function":"main","file":"minissdpd/testminissdpd.c"},"id":"CVE-2016-3178-d6a008b9","signature_type":"Function","deprecated":false,"source":"https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47","signature_version":"v1","digest":{"function_hash":"313916193225476497303930420535499900034","length":3518}},{"target":{"function":"processRequest","file":"minissdpd/minissdpd.c"},"id":"CVE-2016-3178-d99c6588","signature_type":"Function","deprecated":false,"source":"https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47","signature_version":"v1","digest":{"function_hash":"7502532630528395280715097097509639945","length":7361}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}