Home > Vulnerability Database > CVE-2021-29462

Mend.io Vulnerability Database

CVE-2021-29462

Good to know:

Date: April 20, 2021

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.

Language: C

Severity Score

7.6

Related Resources (6)

Url: http://www.openwall.com/lists/oss-security/2021/04/20/4

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29462

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-29462

Url: https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg

Url: https://security-tracker.debian.org/tracker/CVE-2021-29462

Url: https://www.mend.io/vulnerability-database/CVE-2021-29462

Severity Score

7.6

Weakness Type (CWE)

Input Validation

CWE-20

Insufficient Verification of Data Authenticity

CWE-345

Top Fix

Upgrade Version

Upgrade to version release-1.14.6

Learn More

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-29462

Good to know:

Date: April 20, 2021

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?