Comment 3 for bug 1506017

W. J. van der Laan (laanwj) wrote:

BTW: for transmission-gtk and vino this appears to be a heap overflow, not a stack overflow.
The UPNP_GetValidIGD function overwrites a caller-provided pointer to an IGDdatas structure, and it happens to be on the heap.

- vino: https://git.gnome.org/browse/vino/tree/server/vino-upnp.c#n39
- transmission: https://trac.transmissionbt.com/browser/trunk/libtransmission/upnp.c#Lstatic45

For these packages, the structure is a static global variable:
- maki-plugins
- libeiskaltdcpp2.2

For these it is on the stack:
- 0ad

Doesn't call UPNP_GetValidIGD at all:
- warzone2100
- megaglest

Bitcoin (not an Ubuntu package, but the PPA used to rely on this package) is one of the few programs that have the structure on the stack. Apparently Cisco TALOS used that for their probing.