CVE-2013-1462 — Project Miniupnpd vulnerability

4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.7%

top 28.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Miniupnp Project Miniupnpd Debian Miniupnpd

Timeline

PublishedJan 31

Latest updateMay 17

Description

Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶debiandebian/miniupnpd

▶NVDminiupnp_project/miniupnpd1.0

🔴Vulnerability Details

GHSA

GHSA-rhgq-m6r3-xf46: Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2013-1462: miniupnpd - Integer signedness error in the ExecuteSoapAction function in the SOAPAction han...↗2013

▶

💬Community

Bugzilla

CVE-2012-5060 mysql: unspecified DoS vulnerability related to GIS (CPU Jan 2013)↗2013-01-16

▶