Vulnerability Details CVE-2019-12111
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/miniupnp/miniupnp/commit/cb8a02af7a5677cf608e86d57ab04241cf34e24f
- https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
- https://usn.ubuntu.com/4542-1/
- https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
- https://github.com/miniupnp/miniupnp/commit/cb8a02af7a5677cf608e86d57ab04241cf34e24f
- https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
- https://usn.ubuntu.com/4542-1/
- https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
Products affected by CVE-2019-12111
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.0
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.1
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.2
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.3
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.4
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.5
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.6
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.7
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.8
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.8.20130207
-
cpe:2.3:a:miniupnp_project:miniupnpd:1.9
-
cpe:2.3:a:miniupnp_project:miniupnpd:2.0
-
cpe:2.3:a:miniupnp_project:miniupnpd:2.1
-
cpe:2.3:o:debian:debian_linux:8.0