Vulnerability Details CVE-2019-12108
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c
- https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692
- https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
- https://usn.ubuntu.com/4542-1/
- https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
- https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c
- https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692
- https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
- https://usn.ubuntu.com/4542-1/
- https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
Products affected by CVE-2019-12108
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.0
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.1
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.2
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.3
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.4
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.5
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.6
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.7
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.8
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.8.20130207
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.9
-
cpe:2.3:a:miniupnp_project:miniupnpd:2.0
-
cpe:2.3:a:miniupnp_project:miniupnpd:2.1