Denial of Service Vulnerability in MiniUPnP HTTP Service
CVE-2013-1461

Currently unrated

Key Information:

Vendor: Miniupnp Project
Status: Miniupnpd
Vendor: CVE Published:; 31 January 2013

🔔 Create Miniupnp Project Vulnerability Alert

What is CVE-2013-1461?

The ExecuteSoapAction function within the SOAPAction handler of MiniUPnP's HTTP service is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by sending a SOAPAction header that is missing the required # (pound sign) character, leading to a NULL pointer dereference and causing the service to crash. This flaw poses a significant threat to network reliability and functionality.

References

https://community.rapid7.com/servlet/JiveServlet/download...

x_refsource_MISC

https://community.rapid7.com/servlet/servlet.FileDownload...

x_refsource_MISC

https://community.rapid7.com/community/infosec/blog/2013/...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2013
Vulnerability Reserved
Jan 29, 2013

CVE-2013-1461 Data

JSON