CVE-2013-1461 — Project Miniupnpd vulnerability

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.7%

top 28.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Miniupnp Project Miniupnpd Debian Miniupnpd

Timeline

PublishedJan 31

Latest updateMay 17

Description

The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶debiandebian/miniupnpd

▶NVDminiupnp_project/miniupnpd1.0

🔴Vulnerability Details

GHSA

GHSA-fp8r-qhv9-2hqm: The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2013-1461: miniupnpd - The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in ...↗2013

▶