Vulnerability Details CVE-2019-12110
An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/miniupnp/miniupnp/commit/f321c2066b96d18afa5158dfa2d2873a2957ef38
- https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
- https://usn.ubuntu.com/4542-1/
- https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
- https://github.com/miniupnp/miniupnp/commit/f321c2066b96d18afa5158dfa2d2873a2957ef38
- https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
- https://usn.ubuntu.com/4542-1/
- https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
Products affected by CVE-2019-12110
-
cpe:2.3:a:miniupnp.free:miniupnpd:*