Fluid Attacks Database

Description

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	miniupnpd	>=0 <2.1-6	2.1-6
debian 11	miniupnpd	>=0 <2.1-6	2.1-6
debian 13	miniupnpd	>=0 <2.1-6	2.1-6
debian 14	miniupnpd	>=0 <2.1-6	2.1-6

Aliases

1. CVE-2019-121082. NVD-2019-121083. OSV-DEBIAN-2019-121084. OSV-2019-121085. SECURITY-TRACKER-CVE-2019-12108

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.