7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:N/A:C
0.005 Low
EPSS
Percentile
77.2%
Debian LTS Advisory DLA-2315-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
August 06, 2020 https://wiki.debian.org/LTS
Package : gupnp
Version : 1.0.1-1+deb9u1
CVE ID : CVE-2020-12695
Yunus Çadırcı found an issue in the SUBSCRIBE method of UPnP, a
network protocol for devices to automatically discover and communicate
with each other. Insuficient checks on this method allowed attackers
to use vulnerable UPnP services for DoS attacks or possibly to bypass
firewalls.
For Debian 9 stretch, this problem has been fixed in version
1.0.1-1+deb9u1.
We recommend that you upgrade your gupnp packages.
For the detailed security status of gupnp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gupnp
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 10 | arm64 | gir1.2-gupnp-1.0 | < 1.0.5-0+deb10u1 | gir1.2-gupnp-1.0_1.0.5-0+deb10u1_arm64.deb |
Debian | 10 | ppc64el | minidlna | < 1.2.1+dfsg-2+deb10u1 | minidlna_1.2.1+dfsg-2+deb10u1_ppc64el.deb |
Debian | 10 | amd64 | minidlna | < 1.2.1+dfsg-2+deb10u1 | minidlna_1.2.1+dfsg-2+deb10u1_amd64.deb |
Debian | 10 | armel | libgupnp-1.0-dev | < 1.0.5-0+deb10u1 | libgupnp-1.0-dev_1.0.5-0+deb10u1_armel.deb |
Debian | 9 | i386 | wpasupplicant-udeb | < 2:2.4-1+deb9u7 | wpasupplicant-udeb_2:2.4-1+deb9u7_i386.deb |
Debian | 9 | amd64 | libgupnp-1.0-4 | < 1.0.1-1+deb9u1 | libgupnp-1.0-4_1.0.1-1+deb9u1_amd64.deb |
Debian | 9 | i386 | wpagui | < 2:2.4-1+deb9u7 | wpagui_2:2.4-1+deb9u7_i386.deb |
Debian | 9 | arm64 | hostapd | < 2:2.4-1+deb9u7 | hostapd_2:2.4-1+deb9u7_arm64.deb |
Debian | 10 | s390x | wpasupplicant-udeb | < 2:2.7+git20190128+0c1e29f-6+deb10u3 | wpasupplicant-udeb_2:2.7+git20190128+0c1e29f-6+deb10u3_s390x.deb |
Debian | 9 | all | gupnp | < 1.0.1-1+deb9u1 | gupnp_1.0.1-1+deb9u1_all.deb |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:N/A:C
0.005 Low
EPSS
Percentile
77.2%