JFrog Security Research
< Back

XRAY-148214 - MiniUPnPd upnp_event_prepare infoleak

CVE-2019-12107 | CVSS 7.5

JFrog Severity:high

Discovered ByBen Barneaof the JFrog Security Research Team

Published 6 Feb, 2019 | Last updated 6 Feb, 2019

Information leakage in MiniUPnPd due to improper validation of snprintf return value


MiniUPnP (,2.1], fixed in 2.2.0

It was discovered that MiniUPnPd did not properly validate callback addresses. A remote attacker could possibly use this issue to expose sensitive information.

No PoC is supplied for this issue

No vulnerability mitigations are supplied for this issue



< Back