JFrog Security Research
< Back

XRAY-148212 - MiniUPnPd GetOutboundPinholeTimeout NULL pointer dereference

CVE-2019-12109 | CVSS 7.5

JFrog Severity:high

Discovered ByBen Barneaof the JFrog Security Research Team

Published 6 Feb, 2019 | Last updated 6 Feb, 2019

Denial Of Service in MiniUPnPd due to a NULL pointer dereference in upnpsoap.c for rem_port

MiniUPnP

MiniUPnP (,2.1], fixed in 2.2.0

It was discovered that MiniUPnPd incorrectly handled unpopulated user XML input. An attacker could possibly use this issue to cause MiniUPnPd to crash, resulting in a denial of service.

No PoC is supplied for this issue

No vulnerability mitigations are supplied for this issue

NVD

NVD

< Back