Search CVE reports


Toggle filters

1 – 4 of 4 results


CVE-2021-29462

Medium priority
Needs evaluation

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of...

3 affected packages

libupnp, mediatomb, pupnp-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libupnp Not in release Not in release Not in release Needs evaluation Needs evaluation
mediatomb Not in release Not in release Not in release Not in release Needs evaluation
pupnp-1.8 Not in release Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2021-28302

Medium priority
Vulnerable

A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.

3 affected packages

libupnp, mediatomb, pupnp-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libupnp Not in release Not in release Not in release Vulnerable Vulnerable
mediatomb Not in release Not in release Not in release Not in release Vulnerable
pupnp-1.8 Not in release Vulnerable Vulnerable Vulnerable Not in release
Show less packages

CVE-2020-12695

Medium priority

Some fixes available 18 of 31

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka...

5 affected packages

gupnp, libupnp, minidlna, pupnp-1.8, wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gupnp Not affected Not affected Fixed Vulnerable Vulnerable
libupnp Not in release Not in release Not in release Vulnerable Vulnerable
minidlna Not affected Not affected Fixed Fixed Fixed
pupnp-1.8 Not in release Vulnerable Vulnerable Vulnerable Not in release
wpa Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-13848

Medium priority
Needs evaluation

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath...

2 affected packages

libupnp, pupnp-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libupnp Not in release Not in release Not in release Needs evaluation Needs evaluation
pupnp-1.8 Not in release Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages