CVE-2019-12109
Published: 15 May 2019
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
miniupnpd Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(2.1-6ubuntu2)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(2.1-6ubuntu2)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(1.8.20140523-4.1+deb9u2build0.16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12109
- https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c
- https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692
- https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
- https://usn.ubuntu.com/usn/usn-4542-1
- NVD
- Launchpad
- Debian