CVE-2019-12107

Published: 15 May 2019

The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
miniupnpd
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(2.1-6ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.1-6ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 LTS (Xenial Xerus)
Released (1.8.20140523-4.1+deb9u2build0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist