CVE-2019-12106

NONE EPSS 84.8%
Published May 15, 20197y ago · Modified Jun 17, 20262w ago
Find Similar
Published May 15, 2019 7y ago
Last Modified Jun 17, 2026 2w ago

Description

The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.

Threat Intelligence

EPSS Exploit Probability
84.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 2

VendorProductVersionRange
miniupnp_projectminiupnpd1.4any
miniupnp_projectminiupnpd1.5any

References 3

  • github.com https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
    PatchThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2019/05/msg00037.html
  • vdoo.com https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
    ExploitPatchThird Party Advisory

Remediation

  • github.com https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
    PatchThird Party Advisory
  • vdoo.com https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
    ExploitPatchThird Party Advisory