Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Miniupnpd
(Miniupnp_project)| Repositories | https://github.com/miniupnp/miniupnp |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-05-11 | CVE-2017-8798 | Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | Miniupnpd | 9.8 | ||
| 2019-05-15 | CVE-2019-12111 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. | Debian_linux, Miniupnpd | N/A | ||
| 2019-11-01 | CVE-2013-2600 | MiniUPnPd has information disclosure use of snprintf() | Debian_linux, Miniupnpd | N/A | ||
| 2019-05-15 | CVE-2019-12109 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. | Miniupnpd | 7.5 | ||
| 2019-05-15 | CVE-2019-12108 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. | Miniupnpd | 7.5 | ||
| 2018-01-03 | CVE-2017-1000494 | Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact | Miniupnpd | 7.8 | ||
| 2019-05-15 | CVE-2019-12106 | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability. | Miniupnpd | 7.5 | ||
| 2014-09-11 | CVE-2014-3985 | The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read. | Linux_kernel, Miniupnpd, Opensuse | N/A | ||
| 2013-01-31 | CVE-2013-1462 | Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230. | Miniupnpd | N/A | ||
| 2013-01-31 | CVE-2013-1461 | The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230. | Miniupnpd | N/A |