CVE-2019-12106

2019-05-1523:29:00

Google

osv.dev

0.008 Low

EPSS

Percentile

82.2%

JSON

The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.

CPENameOperatorVersion
miniupnpeqminiupnpd_2_0
miniupnpeqminiupnpc_1_7
miniupnpeqminiupnpd_1_8
miniupnpeqminiupnpd_2_1
miniupnpeqminissdpd_1_5
miniupnpeqminiupnpc_2_0
miniupnpeqminiupnpc_2_1
miniupnpeqminiupnpd_1_7
miniupnpeqminissdpd_1_4
miniupnpeqminissdpd_1_2

Name	Operator	Version
miniupnp	eq	miniupnpd_2_0
miniupnp	eq	miniupnpc_1_7
miniupnp	eq	miniupnpd_1_8
miniupnp	eq	miniupnpd_2_1
miniupnp	eq	minissdpd_1_5
miniupnp	eq	miniupnpc_2_0
miniupnp	eq	miniupnpc_2_1
miniupnp	eq	miniupnpd_1_7
miniupnp	eq	minissdpd_1_4
miniupnp	eq	minissdpd_1_2