A specially crafted XML response can lead to a buffer overflow, on the stack, resulting in remote code execution. Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. The vulnerable code is triggered by an oversized XML element name when applications using miniupnpc library are doing initial network discovery upon startup, while parsing the replies from UPNP servers on the local network. MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other. Common peer-to-peer applications include Tor, cryptocurrency miners and wallets, Skype and bittorrent.”]
Source: https://blogs.cisco.com/security/talos/vulnerability-spotlight-miniupnp

