Search CVE reports
1 – 4 of 4 results
CVE-2021-29462
Medium priorityThe Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of...
3 affected packages
libupnp, mediatomb, pupnp-1.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libupnp | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
mediatomb | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
pupnp-1.8 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2021-28302
Medium priorityA stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.
3 affected packages
libupnp, mediatomb, pupnp-1.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libupnp | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
mediatomb | Not in release | Not in release | Not in release | Not in release | Vulnerable |
pupnp-1.8 | Not in release | Vulnerable | Vulnerable | Vulnerable | Not in release |
CVE-2020-12695
Medium prioritySome fixes available 18 of 31
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka...
5 affected packages
gupnp, libupnp, minidlna, pupnp-1.8, wpa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gupnp | Not affected | Not affected | Fixed | Vulnerable | Vulnerable |
libupnp | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
minidlna | Not affected | Not affected | Fixed | Fixed | Fixed |
pupnp-1.8 | Not in release | Vulnerable | Vulnerable | Vulnerable | Not in release |
wpa | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2020-13848
Medium priorityPortable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath...
2 affected packages
libupnp, pupnp-1.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libupnp | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
pupnp-1.8 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |