Vulnerabilities > CVE-2013-1462 - Numeric Errors vulnerability in Miniupnp Project Miniupnpd 1.0

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

miniupnp-project

CWE-189

NVD

Published: 2013-01-31

Updated: 2015-10-08

Summary

Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.

Vulnerable Configurations

Part	Description	Count
Application	Miniupnp_Project Miniupnp Project Miniupnpd 1.0	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

References

https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb