CVE-2019-12107

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MiniUPnPd versions prior to 2.1

Description The issue allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value in the upnp event prepare function.

Recommendations For versions prior to 2.1, update to version 2.1 or later to resolve the issue.

Exploit

Fix

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-252

Related Identifiers

CVE-2019-12107

DLA-1811-1

USN-4542-1

Affected Products

Miniupnpd

Ubuntu

CVE-2019-12107

Weakness Enumeration

Related Identifiers

Affected Products

References · 20