CVE-2021-29462
Last modified
CVE-2021-29462 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. EPSS estimates a 0.63% chance of exploitation in the next 30 days.
Description
The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pupnp Project | Pupnp | < 1.14.6 |
References
- http://www.openwall.com/lists/oss-security/2021/04/20/4Mailing List, Third Party Advisory
- https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhgThird Party Advisory
- http://www.openwall.com/lists/oss-security/2021/04/20/4Mailing List, Third Party Advisory
- https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhgThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-29462?
How severe is CVE-2021-29462?
How do I fix CVE-2021-29462?
Are you affected by CVE-2021-29462?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST