[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: DNS rebinding vulnerability in npupnp
From: Gabriel Corona <gabriel.corona () enst-bretagne ! fr>
Date: 2021-04-25 10:56:35
Message-ID: 787be56d-f920-3846-6a0e-82ce30be6c40 () enst-bretagne ! fr
[Download RAW message or body]
Le 20/04/2021 à 09:54, Gabriel Corona a écrit :
> The server-part of npupnp, a library used to implement UUPnP clients and
> servers, is vulnerable to DNS rebinding attacks.
>
> Impact: A remote web server can exploit this vulnerability to trick the
> user browser into triggering actions on the local UPnP services
> implemented using this library.
>
> This is fixed in v4.1.4.
>
> https://framagit.org/medoc92/npupnp
> https://www.lesbonscomptes.com/upmpdcli/npupnp-doc/libnpupnp.html
>
> A CVE as been requested.
>
This is CVE-2021-31718.
Gabriel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic