Debian Miniupnpd vulnerabilities

11 known vulnerabilities affecting debian/miniupnpd.

Total CVEs
11
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH6LOW5

Vulnerabilities

Page 1 of 1
CVE-2019-12111HIGHCVSS 7.5fixed in miniupnpd 2.1-6 (bookworm)2019
CVE-2019-12111 [HIGH] CVE-2019-12111: miniupnpd - A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due t... A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. Scope: local bookworm: resolved (fixed in 2.1-6) bullseye: resolved (fixed in 2.1-6) forky: resolved (fixed in 2.1-6) sid: resolved (fixed in 2.1-6) trixie: resolved (fixed in 2.1-6)
debian
CVE-2019-12107HIGHCVSS 7.5fixed in miniupnpd 2.1-6 (bookworm)2019
CVE-2019-12107 [HIGH] CVE-2019-12107: miniupnpd - The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.... The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value. Scope: local bookworm: resolved (fixed in 2.1-6) bullseye: resolved (fixed in 2.1-6) forky: resolved (fixed in 2.1-6) sid: resolved (fixed in 2.1-6) trixie: resolved (fi
debian
CVE-2019-12108HIGHCVSS 7.5fixed in miniupnpd 2.1-6 (bookworm)2019
CVE-2019-12108 [HIGH] CVE-2019-12108: miniupnpd - A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due t... A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. Scope: local bookworm: resolved (fixed in 2.1-6) bullseye: resolved (fixed in 2.1-6) forky: resolved (fixed in 2.1-6) sid: resolved (fixed in 2.1-6) trixie: resolved (fixed in 2.1-6)
debian
CVE-2019-12109HIGHCVSS 7.5fixed in miniupnpd 2.1-6 (bookworm)2019
CVE-2019-12109 [HIGH] CVE-2019-12109: miniupnpd - A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due t... A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. Scope: local bookworm: resolved (fixed in 2.1-6) bullseye: resolved (fixed in 2.1-6) forky: resolved (fixed in 2.1-6) sid: resolved (fixed in 2.1-6) trixie: resolved (fixed in 2.1-6)
debian
CVE-2019-12110HIGHCVSS 7.5fixed in miniupnpd 2.1-6 (bookworm)2019
CVE-2019-12110 [HIGH] CVE-2019-12110: miniupnpd - An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through ... An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c. Scope: local bookworm: resolved (fixed in 2.1-6) bullseye: resolved (fixed in 2.1-6) forky: resolved (fixed in 2.1-6) sid: resolved (fixed in 2.1-6) trixie: resolved (fixed in 2.1-6)
debian
CVE-2017-1000494LOWCVSS 7.8fixed in miniupnpc 2.0.20171212-3 (bookworm)2017
CVE-2017-1000494 [HIGH] CVE-2017-1000494: miniupnpc - Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplypa... Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact Scope: local bookworm: resolved (fixed in 2.0.20171212-3) bullseye: resolved (fixed in 2.0.20171212-3) forky: resolved (fixed
debian
CVE-2013-2600HIGHCVSS 7.5fixed in miniupnpd 1.8.20130730-1 (bookworm)2013
CVE-2013-2600 [HIGH] CVE-2013-2600: miniupnpd - MiniUPnPd has information disclosure use of snprintf() MiniUPnPd has information disclosure use of snprintf() Scope: local bookworm: resolved (fixed in 1.8.20130730-1) bullseye: resolved (fixed in 1.8.20130730-1) forky: resolved (fixed in 1.8.20130730-1) sid: resolved (fixed in 1.8.20130730-1) trixie: resolved (fixed in 1.8.20130730-1)
debian
CVE-2013-0230LOWCVSS 10.0PoC2013
CVE-2013-0230 [CRITICAL] CVE-2013-0230: miniupnpd - Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction ... Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2013-0229LOWCVSS 7.8PoC2013
CVE-2013-0229 [HIGH] CVE-2013-0229: miniupnpd - The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP Mi... The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2013-1462LOWCVSS 10.02013
CVE-2013-1462 [CRITICAL] CVE-2013-1462: miniupnpd - Integer signedness error in the ExecuteSoapAction function in the SOAPAction han... Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230. Scope: local bookworm: resolved bullseye: res
debian
CVE-2013-1461LOWCVSS 10.02013
CVE-2013-1461 [CRITICAL] CVE-2013-1461: miniupnpd - The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in ... The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230. Scope: local bookworm: resolved bullseye: resolved for
debian