CVE-2019-12108

Name

CVE-2019-12108

Description

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Exploit	https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
Patch	https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692
Patch	https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c
MLIST	https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
UBUNTU	https://usn.ubuntu.com/4542-1/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:miniupnp_project:miniupnpd::::::::`	miniupnpd	>= None	<= 2.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
miniupnpd	3.14-community	2.2.2-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed