Lucene search
+L
Miniupnp ProjectMiniupnpd

12 matches found

CVE
CVE
added 2017/05/11 1:0 a.m.1359 views

CVE-2017-8798

CVE-2017-8798 concerns an integer signedness error in the MiniUPnP library (MiniUPnPc) used by miniupnpc. AffectedVersions: v1.4.20101221 through v2.0. Root cause: a signedness/bounds issue in the getHTTPResponse/miniwget path that parses chunked-encoded HTTP responses. Impact: remote attacker co...

9.8CVSS9.5AI score0.24027EPSS
CVE
CVE
added 2019/05/15 10:23 p.m.298 views

CVE-2019-12111

CVE-2019-12111 affects MiniUPnPd (miniupnpd) up to version 2.1, caused by a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c leading to Denial of Service. Public references in multiple advisories (Debian DLA-1811, Fedora update FEDORA-2019-0a26e06dd5, Ubuntu USN-4542-1) indicate a p...

7.5CVSS7.1AI score0.03404EPSS
CVE
CVE
added 2019/11/01 11:48 a.m.260 views

CVE-2013-2600

CVE-2013-2600 concerns MiniUPnPd, where the vulnerability arises from improper use of snprintf in SSDP response construction. Versions 1.8 and earlier are affected. An attacker can trigger an information disclosure by sending a crafted SSDP request with a long ST header; if the header is long eno...

7.5CVSS7.2AI score0.02335EPSS
CVE
CVE
added 2018/01/03 2:0 p.m.238 views

CVE-2017-1000494

CVE-2017-1000494 affects MiniUPnPd (miniupnpd) versions prior to 2.0, due to an uninitialized stack variable in NameValueParserEndElt (upnpreplyparse.c). This leads to Denial of Service (segmentation fault/memory corruption) and may have other impacts. Public advisories confirm remediation by upg...

7.8CVSS7.7AI score0.00466EPSS
CVE
CVE
added 2019/05/15 10:23 p.m.227 views

CVE-2019-12109

CVE-2019-12109 is a denial-of-service vulnerability in MiniUPnP MiniUPnPd (upnpd) up to version 2.1, caused by a NULL pointer dereference in GetOutboundPinholeTimeout (upnpsoap.c) when handling rem_port. Public references (Ubuntu/Debian advisories and OSS/OSSN notes) confirm the issue and provide...

7.5CVSS7.1AI score0.02753EPSS
CVE
CVE
added 2019/05/15 10:23 p.m.209 views

CVE-2019-12108

CVE-2019-12108 affects MiniUPnPd (miniupnpd) with a NULL pointer dereference in GetOutboundPinholeTimeout (upnpsoap.c for int_port), causing a Denial of Service. Connected sources reference Ubuntu USN-4542-1 and Debian DLA-1811-1 describing vulnerable releases and patches. Affected product: MiniU...

7.5CVSS7.1AI score0.02753EPSS
CVE
CVE
added 2019/05/15 10:22 p.m.165 views

CVE-2019-12106

CVE-2019-12106 affects MiniUPnP MiniSSDPd, specifically the updateDevice function in minissdpd.c for versions 1.4 and 1.5. The vulnerability is a Use-After-Free that allows a remote attacker to crash the process (DoS). Connected sources confirm a resource mismanagement/use-after-free issue in upd...

7.5CVSS7.4AI score0.02829EPSS
CVE
CVE
added 2013/01/31 9:0 p.m.115 views

CVE-2013-0229

CVE-2013-0229 is a vulnerability in MiniUPnP MiniUPnPd prior to 1.4 where the ProcessSSDPRequest function (minissdp.c) contains a boundary error that can trigger a buffer over-read. A remote attacker can send a crafted SSDP/M-SEARCH request to cause a denial of service (service crash). The issue ...

7.8CVSS6.7AI score0.76396EPSS
Web
CVE
CVE
added 2013/01/31 9:0 p.m.112 views

CVE-2013-0230

CVE-2013-0230 affects MiniUPnPd 1.0 (UPnP daemon). A stack-based buffer overflow in the ExecuteSoapAction function of the SOAPAction HTTP header handling can allow remote attackers to execute arbitrary code via a long quoted method. Public exploit/ PoC activity and Metasploit modules exist (e.g.,...

10CVSS8AI score0.69151EPSS
Web
CVE
CVE
added 2026/04/17 9:39 p.m.77 views

CVE-2026-5720

The CVE-2026-5720 issue affects the MiniUPnP daemon (miniupnpd). The vulnerability is an integer underflow in SOAPAction header parsing within ParseHttpHeaders(), where improper length validation can cause an underflow to a large unsigned value and an out-of-bounds memchr() read. This can lead to...

9.1CVSS5.8AI score0.00674EPSS
CVE
CVE
added 2013/01/31 9:0 p.m.68 views

CVE-2013-1461

CVE-2013-0230 affects MiniUPnPd 1.0 and targets the SOAPAction handler in the HTTP service. A stack-based buffer overflow occurs in processing the SOAPAction header, allowing a remote attacker to execute arbitrary code. Exploitation details are documented in public advisories and exploits (e.g., ...

7.8CVSS6.6AI score0.02795EPSS
CVE
CVE
added 2013/01/31 9:0 p.m.57 views

CVE-2013-1462

Technical details for CVE-2013-1462 are not provided in the supplied documents; connected items discuss other CVEs (e.g., CVE-2013-0230) and related exploits. Monitor for updates.

7.8CVSS6.5AI score0.01849EPSS