Vulnerability Description
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miniupnp Project | Miniupnpd | <= 1.3 |
References
- https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in
- https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityF
- https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
- https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in
- https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityF
- https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
FAQ
What is CVE-2013-0229?
CVE-2013-0229 is a vulnerability with a CVSS score of 7.8 (HIGH). The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that trigg...
How severe is CVE-2013-0229?
CVE-2013-0229 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0229?
Check the references section above for vendor advisories and patch information. Affected products include: Miniupnp Project Miniupnpd.