VDB
CVE-2021-29462
CVE-2021-29462
PUBLISHED
The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.
EPSS 0.14% · 33.4th percentile
Risk Scores
EPSS Score
0.14%
33.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | libupnp | 1:1.6.19+git20141001-1ubuntu1, 1:1.6.19+git20141001-1, 0 |
| Ubuntu:18.04:LTS | pupnp-1.8 | 1:1.8.2-2, 0, * |
| Ubuntu:16.04:LTS | mediatomb | 0, 0.12.1-47-g7ab7616-1ubuntu2, * |
| Ubuntu:18.04:LTS | libupnp | *, *, 1:1.6.24-4 |
| Ubuntu:22.04:LTS | pupnp-1.8 | *, 0 |
| Ubuntu:20.04:LTS | pupnp-1.8 | 1:1.8.4-2ubuntu2, 0 |
Timeline
- Apr 20, 2021 CVE Published
- Apr 21, 2021 EPSS Score
- Jun 29, 2021 EPSS Score
- Aug 30, 2021 EPSS Score
- Nov 1, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 5, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 6, 2022 EPSS Score
- Jul 8, 2022 EPSS Score
- Sep 9, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-29462 third-party-advisory
- https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg third-party-advisory
- https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4 third-party-advisory
- https://www.openwall.com/lists/oss-security/2021/04/20/4 third-party-advisory
- http://www.openwall.com/lists/oss-security/2021/04/20/4 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-29462 third-party-advisory