CVE-2019-12110

Name

CVE-2019-12110

Description

An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Exploit	https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
Patch	https://github.com/miniupnp/miniupnp/commit/f321c2066b96d18afa5158dfa2d2873a2957ef38
MLIST	https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
UBUNTU	https://usn.ubuntu.com/4542-1/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:miniupnp.free:miniupnpd::::::::`	miniupnpd	>= None	<= 2.1

Source package	Branch	Version	Maintainer	Status
miniupnpd	edge-community	2.2.2-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
miniupnpd	3.22-community	2.2.2-r0	None	fixed
miniupnpd	3.21-community	2.2.2-r0	None	fixed
miniupnpd	3.20-community	2.2.2-r0	None	fixed
miniupnpd	3.19-community	2.2.2-r0	None	fixed
miniupnpd	3.18-community	2.2.2-r0	None	fixed
miniupnpd	3.17-community	2.2.2-r0	None	fixed