libupnp
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Portable Open Source UPnP Development Kit |
| Version | 1.14.20-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1844 | 1.14.5-1 | 1.14.6-1 | High | Fixed | |
| AVG-1682 | 1.14.4-1 | 1.14.5-1 | Medium | Fixed | |
| AVG-1175 | 1.6.25-2 | 1.14.0-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-29462 | AVG-1844 | High | Yes | Content spoofing | The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be... |
| CVE-2021-28302 | AVG-1682 | Medium | Yes | Denial of service | A stack overflow in libupnp up to version 1.14.4 can cause denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a... |
| CVE-2020-13848 | AVG-1175 | Medium | Yes | Denial of service | A NULL-pointer dereference has been found in libupnp <= 1.12.1, in the functions FindServiceControlURLPath and FindServiceEventURLPath in... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 29 Apr 2021 | ASA-202104-8 | AVG-1844 | High | content spoofing |