History: Apr 20, 2021 - 12:00 a.m.

CVE-2021-29462

ubuntu.com
portable sdk
upnp devices
dns rebinding
host header
dns resolvers
vulnerable
fixed

CVSS2: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.003
Percentile: 68.6%

The Portable SDK for UPnP Devices is an SDK for development of UPnP device
and control point applications. The server part of pupnp (libupnp) appears
to be vulnerable to DNS rebinding attacks because it does not check the
value of the Host header. This can be mitigated by using DNS resolvers
which block DNS-rebinding attacks. The vulnerability is fixed in version
1.14.6 and later.
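A server-side Host header check of the kind the description says was missing, as an added example (not code from this advisory or from libupnp). It assumes control points reach the device by IP address, so a legitimate Host value is an IP literal and a DNS name is rejected; the helper names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if the port suffix is empty or ":<1..65535>", else 0. */
static int port_ok(const char *p)
{
    char *end;
    long v;

    if (*p == '\0')
        return 1;
    if (*p != ':' || p[1] < '0' || p[1] > '9')
        return 0;
    v = strtol(p + 1, &end, 10);
    return *end == '\0' && v >= 1 && v <= 65535;
}

/* Hypothetical helper: 1 if the Host value is an IP literal with an optional
 * port, 0 if it is a DNS name, empty, oversized or malformed. */
int host_header_is_ip_literal(const char *host)
{
    char addr[INET6_ADDRSTRLEN];
    unsigned char buf[sizeof(struct in6_addr)];
    const char *end;
    size_t n;

    if (host == NULL)
        return 0;
    if (host[0] == '[') {            /* "[v6-literal]" or "[v6-literal]:port" */
        end = strchr(host, ']');
        if (end == NULL)
            return 0;
        n = (size_t)(end - host - 1);
        if (n == 0 || n >= sizeof(addr))
            return 0;
        memcpy(addr, host + 1, n);
        addr[n] = '\0';
        return inet_pton(AF_INET6, addr, buf) == 1 && port_ok(end + 1);
    }
    n = strcspn(host, ":");          /* "v4-literal" or "v4-literal:port" */
    if (n == 0 || n >= sizeof(addr))
        return 0;
    memcpy(addr, host, n);
    addr[n] = '\0';
    return inet_pton(AF_INET, addr, buf) == 1 && port_ok(host + n);
}
```

A request whose Host value fails this check would be answered with an HTTP 400 before any UPnP action is dispatched.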
