The Rootshell Security team have discovered a bug within miniDLNA, open-source server software for exchanging media files, such as videos, between devices on a network.
The team identified that a remotely exploitable heap corruption issue exists within the miniDLNA software. Heap corruption occurs when memory allocation for data is handled incorrectly.
The bug is triggered when Universal Plug and Play (UPnP), a set of networking protocols that enable devices to exchange data, attempts to process requests for data transfer.
The root cause is that miniDLNA inadvertently allows a remote attacker to manipulate the length of data ‘chunks’, the units in which data is sent under ‘chunked transfer encoding’. An attacker could specify a chunk length so large that it is treated as a negative number, which leads to memory corruption (due to an ‘out-of-bounds’ error in calls to the memory copy functions ‘memcpy’ and ‘memmove’).
As well as memory corruption, the bug could be exploited to cause an infinite loop. Either outcome would result in a denial-of-service (DoS) attack.
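A bounds-checked chunked-body decoder, as an added example (not miniDLNA's code and not taken from the Rootshell advisory): chunk lengths are parsed as unsigned values and checked against the bytes actually received before `memmove` runs, and every loop pass must consume input. The names `parse_chunk_size` and `dechunk` are hypothetical; for brevity, chunk extensions are rejected and trailers are ignored.

```c
#include <stddef.h>
#include <string.h>

/* Parse hex digits into *size; return digits consumed, or 0 if none or if the value exceeds limit. */
static size_t parse_chunk_size(const char *p, size_t avail, size_t limit, size_t *size)
{
    size_t i = 0, v = 0;                 /* unsigned: a length can never be negative */
    for (; i < avail; i++) {
        char c = p[i];
        unsigned d;
        if (c >= '0' && c <= '9') d = (unsigned)(c - '0');
        else if (c >= 'a' && c <= 'f') d = (unsigned)(c - 'a' + 10);
        else if (c >= 'A' && c <= 'F') d = (unsigned)(c - 'A' + 10);
        else break;
        if (d > limit || v > (limit - d) / 16) return 0;   /* v*16+d would exceed limit */
        v = v * 16 + d;
    }
    *size = v;
    return i;
}

/* Decode a chunked body in place: 0 and *out_len on success, -1 on any malformed chunk. */
int dechunk(char *buf, size_t len, size_t *out_len)
{
    size_t rd = 0, wr = 0;
    for (;;) {                           /* every pass consumes input, so the loop ends */
        size_t size, n = parse_chunk_size(buf + rd, len - rd, len, &size);
        if (n == 0) return -1;
        rd += n;
        if (len - rd < 2 || buf[rd] != '\r' || buf[rd + 1] != '\n') return -1;
        rd += 2;
        if (size == 0) break;            /* last-chunk marker */
        if (size > len - rd || len - rd - size < 2) return -1;   /* data + CRLF must fit */
        memmove(buf + wr, buf + rd, size);
        wr += size;
        rd += size;
        if (buf[rd] != '\r' || buf[rd + 1] != '\n') return -1;
        rd += 2;
    }
    *out_len = wr;
    return 0;
}

int main(void)
{
    char body[] = "ffffffff\r\nAAAA\r\n0\r\n\r\n";   /* constructed hostile input */
    size_t n = 0;
    return dechunk(body, sizeof body - 1, &n) == -1 ? 0 : 1;   /* exit 0: rejected */
}
```

The size limit passed to the parser is the number of bytes received, so an oversized length is refused while its digits are still being read.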
Rootshell’s Head of Research and Developme