CVE-2019-12109

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.

References

Affected packages

Git / github.com/miniupnp/miniupnp

Affected ranges

Type: GIT
Repo: https://github.com/miniupnp/miniupnp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

13585f15c7f7dc28bbbba1661efb280d530d114c

Fixed

86030db849260dd8fb2ed975b9890aef1b62b692

Affected versions

Other

minissdpd_1_2

minissdpd_1_4

minissdpd_1_5

miniupnpc_1_7

miniupnpc_1_8

miniupnpc_1_9

miniupnpc_2_0

miniupnpc_2_1

miniupnpd_1_7

miniupnpd_1_8

miniupnpd_1_9

miniupnpd_2_0

miniupnpd_2_1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2019-12109-05bb41a2",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "miniupnpd/upnpsoap.c",
            "function": "GetOutboundPinholeTimeout"
        },
        "digest": {
            "function_hash": "71234039086997178367485117544271644435",
            "length": 1325.0
        },
        "source": "https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c"
    },
    {
        "id": "CVE-2019-12109-cb43a28a",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "miniupnpd/upnpsoap.c"
        },
        "digest": {
            "line_hashes": [
                "5593300419432615200973628329977550124",
                "282311576490144500094238455818010610431",
                "4122044120206916469799491856609136226"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c"
    }
]