CVE-2021-29462
Summary
| CVE | CVE-2021-29462 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-20 21:15:00 UTC |
| Updated | 2022-08-03 10:20:00 UTC |
| Description | The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. |
Risk And Classification
Problem Types: CWE-345
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pupnp Project | Pupnp | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - DNS rebinding vulnerability in pupnp | MLIST | www.openwall.com | |
| DNS rebinding in pupnp · Advisory · pupnp/pupnp · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.