DNS rebinding in pupnp
CVE-2021-29462

7.6HIGH

Key Information:

Vendor: Pupnp
Status: Pupnp
Vendor: CVE Published:; 20 April 2021

What is CVE-2021-29462?

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the Host header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.

Affected Version(s)

pupnp < 1.14.6

References

https://github.com/pupnp/pupnp/security/advisories/GHSA-6...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2021/04/20/4

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2021
Vulnerability Reserved
Mar 30, 2021

CVE-2021-29462 Data

JSON

Pupnp

What is CVE-2021-29462?

Affected Version(s)

References

CVSS V3.1

Timeline