This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Miniupnp Project First view 2013-01-31
Product Miniupnpd Last view 2019-11-01
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:miniupnp_project:miniupnpd:1.0:-:*:*:*:*:*:* 8
cpe:2.3:a:miniupnp_project:miniupnpd:1.8:-:*:*:*:*:*:* 6
cpe:2.3:a:miniupnp_project:miniupnpd:1.5:-:*:*:*:*:*:* 6
cpe:2.3:a:miniupnp_project:miniupnpd:1.4:-:*:*:*:*:*:* 6
cpe:2.3:a:miniupnp_project:miniupnpd:1.2:*:*:*:*:*:*:* 5
cpe:2.3:a:miniupnp_project:miniupnpd:1.1:*:*:*:*:*:*:* 5
cpe:2.3:a:miniupnp_project:miniupnpd:*:*:*:*:*:*:*:* 5
cpe:2.3:a:miniupnp_project:miniupnpd:1.9:*:*:*:*:*:*:* 5
cpe:2.3:a:miniupnp_project:miniupnpd:1.7:-:*:*:*:*:*:* 5
cpe:2.3:a:miniupnp_project:miniupnpd:2.0:-:*:*:*:*:*:* 4

Related : CVE

  Date Alert Description
7.5 2019-11-01 CVE-2013-2600

MiniUPnPd has information disclosure use of snprintf()
7.5 2019-05-15 CVE-2019-12111

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.
7.5 2019-05-15 CVE-2019-12109

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.
7.5 2019-05-15 CVE-2019-12108

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.
7.5 2019-05-15 CVE-2019-12106

The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.
7.8 2018-01-03 CVE-2017-1000494

Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
9.8 2017-05-10 CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
7.8 2013-01-31 CVE-2013-1462

Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.
7.8 2013-01-31 CVE-2013-1461

The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.
10 2013-01-31 CVE-2013-0230

Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
7.8 2013-01-31 CVE-2013-0229

The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.

CWE : Common Weakness Enumeration

%idName
33% (3) CWE-476 NULL Pointer Dereference
33% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (1) CWE-416 Use After Free
11% (1) CWE-200 Information Exposure
11% (1) CWE-189 Numeric Errors

Snort® IPS/IDS

Date Description
2014-05-08 MiniUPnPd ExecuteSoapAction buffer overflow attempt
RuleID : 30507 - Type : SERVER-OTHER - Revision : 3
2014-01-10 MiniUPnPd ExecuteSoapAction null pointer dereference attempt
RuleID : 25781 - Type : SERVER-OTHER - Revision : 2
2014-01-10 MiniUPnPd ExecuteSoapAction buffer overflow attempt
RuleID : 25780 - Type : SERVER-OTHER - Revision : 5
2014-01-10 MiniUPnPd SSDP request buffer overflow attempt
RuleID : 25664 - Type : SERVER-OTHER - Revision : 5

Nessus® Vulnerability Scanner

id Description
2017-06-01 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-638.nasl - Type: ACT_GATHER_INFO
2017-05-25 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3298-1.nasl - Type: ACT_GATHER_INFO
2017-05-25 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3298-2.nasl - Type: ACT_GATHER_INFO
2017-05-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-949.nasl - Type: ACT_GATHER_INFO
2017-05-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_da1d5d2e3eca11e788610018fe623f2b.nasl - Type: ACT_GATHER_INFO
2013-01-31 Name: A network service running on the remote host has multiple vulnerabilities.
File: miniupnpd_1_4.nasl - Type: ACT_GATHER_INFO