CVE-2019-12106
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-12106
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12106.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-12106
- Downstream
- Published
- 2019-05-15T23:29:00.433Z
- Modified
- 2025-11-14T09:05:45.818625Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.
- References
Affected packages
Git / github.com/miniupnp/miniupnp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/miniupnp/miniupnp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
minissdpd_1_2
minissdpd_1_4
minissdpd_1_5
miniupnpc_1_7
miniupnpc_1_8
miniupnpc_1_9
miniupnpc_2_0
miniupnpc_2_1
miniupnpd_1_7
miniupnpd_1_8
miniupnpd_1_9
miniupnpd_2_0
miniupnpd_2_1
Database specific
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 1787.0,
"function_hash": "49626815456841716209215577197332225879"
},
"id": "CVE-2019-12106-18e19ac1",
"source": "https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f",
"target": {
"file": "minissdpd/minissdpd.c",
"function": "updateDevice"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"136228493942524335642480519156147028320",
"214698895325830240883302560531919787267",
"282269370337803121966929167125174309566",
"15209298193392725639910941306136385751"
]
},
"id": "CVE-2019-12106-a81ca291",
"source": "https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f",
"target": {
"file": "minissdpd/minissdpd.c"
}
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12106.json"