CVE-2021-29462

EPSS 0.14%
Veröffentlicht 20.04.2021 21:15:08
Zuletzt bearbeitet 21.11.2024 06:01:09
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pupnp Project ≫ Pupnp Version < 1.14.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.341

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security-advisories@github.com	7.6	2.1	5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

http://www.openwall.com/lists/oss-security/2021/04/20/4

Third Party Advisory

Mailing List

https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-29462

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29462

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29462

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-29462