JFrog Security Research
< Back

XRAY-161552 - MiniSSDPd updateDevice UaF

CVE-2019-12106 | CVSS 7.5

JFrog Severity:high

Discovered ByBen Barneaof the JFrog Security Research Team

Published 6 Feb, 2019 | Last updated 6 Feb, 2019

The updateDevice function in MiniSSDPd allows a remote attacker to crash the process due to a Use-After-Free


MiniUPnP (,2.1], fixed in 2.2.0

It was discovered that there was a use after free vulnerability in minissdpd, a network device discovery daemon. A remote attacker could abuse this to crash the process.

No PoC is supplied for this issue

No vulnerability mitigations are supplied for this issue



< Back