Subject: [ASA-202104-8] libupnp: content spoofing Arch Linux Security Advisory ASA-202104-8 ========================================= Severity: High Date : 2021-04-29 CVE-ID : CVE-2021-29462 Package : libupnp Type : content spoofing Remote : Yes Link : https://security.archlinux.org/AVG-1844 Summary ======= The package libupnp before version 1.14.6-1 is vulnerable to content spoofing. Resolution ========== Upgrade to 1.14.6-1. # pacman -Syu "libupnp>=1.14.6-1" The problem has been fixed upstream in version 1.14.6. Workaround ========== None. Description =========== The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS- rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. Impact ====== An attacker is able to perform a DNS rebinding attack against a client browser to trigger local UPnP services. This can be used to, for example, exfiltrate or tamper data of a client. References ========== https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4 https://security.archlinux.org/CVE-2021-29462