Buffer Over-read Vulnerability in MiniUPnP MiniUPnPd by MiniUPnP
CVE-2013-0229

Currently unrated

Key Information:

Vendor: Miniupnp Project
Status: Miniupnpd
Vendor: CVE Published:; 31 January 2013

🔔 Create Miniupnp Project Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 74%

What is CVE-2013-0229?

The ProcessSSDPRequest function in the minissdp.c file of the SSDP handler in MiniUPnP MiniUPnPd prior to version 1.4 is vulnerable to a buffer over-read issue. This vulnerability allows remote attackers to exploit the service by sending specially crafted requests, potentially leading to a denial of service due to service crashes. Organizations using affected versions are encouraged to upgrade to the latest version to mitigate the risk associated with this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

vulnupnp
Created by lochiiconnectivity

References

https://community.rapid7.com/servlet/JiveServlet/download...

x_refsource_MISC

https://community.rapid7.com/servlet/servlet.FileDownload...

x_refsource_MISC

https://community.rapid7.com/community/infosec/blog/2013/...

x_refsource_MISC

EPSS Score

74% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 14, 2013
👾
Exploit known to exist
Apr 14, 2013
Vulnerability published
Jan 31, 2013
Vulnerability Reserved
Dec 6, 2012

CVE-2013-0229 Data

JSON