logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2020-12695

Description

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.


Affected Package


OS OS Version Package Name Package Version
Debian 12 gupnp 1.4.3-1
Debian 11 gupnp 1.2.4-1
Debian 10 gupnp 1.0.5-0+deb10u1
Debian 999 gupnp 1.4.3-1
Debian 12 minidlna 1.3.0+dfsg-2.2
Debian 11 minidlna 1.3.0+dfsg-2+deb11u1
Debian 10 minidlna 1.2.1+dfsg-2+deb10u2
Debian 999 minidlna 1.3.0+dfsg-2.2
Debian 12 pupnp-1.8 1:1.8.4-2
Debian 11 pupnp-1.8 1:1.8.4-2
Debian 10 pupnp-1.8 1:1.8.4-2
Debian 999 pupnp-1.8 1:1.8.4-2
Debian 12 wpa 2:2.10-9
Debian 11 wpa 2:2.9.0-21
Debian 10 wpa 2:2.7+git20190128+0c1e29f-6+deb10u3
Debian 999 wpa 2:2.10-9

Related