Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Portable Open Source UPnP Development Kit
Version 1.14.19-2 [extra]


Group Affected Fixed Severity Status Ticket
AVG-1844 1.14.5-1 1.14.6-1 High Fixed
AVG-1682 1.14.4-1 1.14.5-1 Medium Fixed
AVG-1175 1.6.25-2 1.14.0-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-29462 AVG-1844 High Yes Content spoofing
The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be...
CVE-2021-28302 AVG-1682 Medium Yes Denial of service
A stack overflow in libupnp up to version 1.14.4 can cause denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a...
CVE-2020-13848 AVG-1175 Medium Yes Denial of service
A NULL-pointer dereference has been found in libupnp <= 1.12.1, in the functions FindServiceControlURLPath and FindServiceEventURLPath in...


Date Advisory Group Severity Type
29 Apr 2021 ASA-202104-8 AVG-1844 High content spoofing