What is CVE-2020-28926?

CVE-2020-28926 is a vulnerability in N/a. Published 2020-11-30.

Is CVE-2020-28926 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-28926

ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to…

EPSS: 0.676 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

lorsanta/exploit-CVE-2020-28926
ARPSyndicate/cvemon
developer3000S/PoC-in-GitHub
nomi-sec/PoC-in-GitHub

References

sourceforge.net/projects/minidlna/ (x_refsource_MISC)
www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/ (x_refsource_MISC)
DSA-4806 (vendor-advisory, x_refsource_DEBIAN)
[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2020-28926?: CVE-2020-28926 is a vulnerability in N/a. Published 2020-11-30.
Is CVE-2020-28926 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.