Bug 1222007 (CVE-2023-33476)

Summary: VUL-0: CVE-2023-33476: minidlna -- security update
Product: [openSUSE] openSUSE Distribution Reporter: SMASH SMASH <smash_bz>
Component: SecurityAssignee: Ruediger Oertel <ro>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Critical    
Priority: P3 - Medium CC: stoyan.manolov
Version: Leap 15.6   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/368241/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-03-26 14:07:08 UTC 
ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when
handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33476
https://www.cve.org/CVERecord?id=CVE-2023-33476
https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html
https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/
https://sourceforge.net/projects/minidlna/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037052
https://security-tracker.debian.org/tracker/DSA-5434-1
https://lists.debian.org/debian-lts-announce/2023/06/msg00027.html
https://www.debian.org/security/2023/dsa-5434
https://security.gentoo.org/glsa/202311-12
Comment 1 Ruediger Oertel 2024-03-26 14:32:40 UTC 
devel project (multimedia:apps) and openSUSE:Factory have version 1.3.3

openSUSE:Backports:SLE-15-SP6 has 1.3.3

backports 15.5 created request id 1162295

backports 15.4 tells me it is unmaintained built in home:oertel:branches:openSUSE:Backports:SLE-15-SP4:Update/minidlna
Comment 2 OBSbugzilla Bot 2024-03-26 15:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1222007) was mentioned in
https://build.opensuse.org/request/show/1162295 Backports:SLE-15-SP5 / minidlna
Comment 3 Marcus Meissner 2024-03-29 02:04:55 UTC 
openSUSE-SU-2024:0093-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1222007
CVE References: CVE-2023-33476
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    minidlna-1.3.3-bp155.2.3.1