CVE-2009-2174
published 2009-06-23CVE-2009-2174: GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
PriorityP423medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
4.88%
91.0th percentile
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gupnp | < gupnp 0.12.6-3.1 (bookworm) | gupnp 0.12.6-3.1 (bookworm) |
| gupnp | gupnp | — | — |
| gupnp | gupnp | >= 0 < 0.12.6-3.1 | 0.12.6-3.1 |
| gupnp | gupnp | >= 0 < 0.12.6-3.1 | 0.12.6-3.1 |
| gupnp | gupnp | >= 0 < 0.12.6-3.1 | 0.12.6-3.1 |
| gupnp | gupnp | >= 0 < 0.12.6-3.1 | 0.12.6-3.1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-grgj-ggj5-6hcm: GUPnP 0
ghsa_unreviewed·2022-05-02
CVE-2009-2174 [MEDIUM] GHSA-grgj-ggj5-6hcm: GUPnP 0
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
OSV
CVE-2009-2174: GUPnP 0
osv·2009-06-23·CVSS 5.0
CVE-2009-2174 [MEDIUM] CVE-2009-2174: GUPnP 0
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
Debian
CVE-2009-2174: gupnp - GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an...
vendor_debian·2009·CVSS 5.0
CVE-2009-2174 [MEDIUM] CVE-2009-2174: gupnp - GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an...
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
Scope: local
bookworm: resolved (fixed in 0.12.6-3.1)
bullseye: resolved (fixed in 0.12.6-3.1)
forky: resolved (fixed in 0.12.6-3.1)
sid: resolved (fixed in 0.12.6-3.1)
trixie: resolved (fixed in 0.12.6-3.1)
No detection rules found.
No writeups or analysis indexed.
http://bugzilla.openedhand.com/show_bug.cgi?id=1604http://git.gupnp.org/cgit.cgi?url=gupnp/tree/NEWS&id=ce714a6700ce03953a2886a66ec57db59205f4e6http://secunia.com/advisories/35472http://secunia.com/advisories/35482http://www.osvdb.org/55128http://www.securityfocus.com/bid/35390http://www.vupen.com/english/advisories/2009/1597https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00494.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-June/msg00607.htmlhttp://bugzilla.openedhand.com/show_bug.cgi?id=1604http://git.gupnp.org/cgit.cgi?url=gupnp/tree/NEWS&id=ce714a6700ce03953a2886a66ec57db59205f4e6http://secunia.com/advisories/35472http://secunia.com/advisories/35482http://www.osvdb.org/55128http://www.securityfocus.com/bid/35390http://www.vupen.com/english/advisories/2009/1597https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00494.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-June/msg00607.html
2009-06-23
Published