CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-0229

The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.743

EPSS Ranking 98.8%

CVSS Severity

CVSS v2 Score 7.8

References

https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

Products affected by CVE-2013-0229

Miniupnp Project » Miniupnpd » Version: 1.0

cpe:2.3:a:miniupnp_project:miniupnpd:1.0
Miniupnp Project » Miniupnpd » Version: 1.1

cpe:2.3:a:miniupnp_project:miniupnpd:1.1
Miniupnp Project » Miniupnpd » Version: 1.2

cpe:2.3:a:miniupnp_project:miniupnpd:1.2
Miniupnp Project » Miniupnpd » Version: 1.3

cpe:2.3:a:miniupnp_project:miniupnpd:1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-0229

Products

Pricing

Contact Us