CVE-2013-0229
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/01/2013
Last modified:
11/04/2025
Description
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
Impact
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:miniupnp_project:miniupnpd:*:*:*:*:*:*:*:* | 1.3 (including) | |
| cpe:2.3:a:miniupnp_project:miniupnpd:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:miniupnp_project:miniupnpd:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:miniupnp_project:miniupnpd:1.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
- https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
- https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
- https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
- https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
- https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb