CVE-2019-12106
NONE EPSS 84.8%
Published May 15, 20197y ago · Modified Jun 17, 20262w ago
Published May 15, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.
Threat Intelligence
EPSS Exploit Probability
84.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 2
| Vendor | Product | Version | Range |
|---|---|---|---|
| miniupnp_project | miniupnpd | 1.4 | any |
| miniupnp_project | miniupnpd | 1.5 | any |
References 3
- github.com https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
- lists.debian.org https://lists.debian.org/debian-lts-announce/2019/05/msg00037.html
- vdoo.com https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
Remediation
- github.com https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
- vdoo.com https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp