CVE-2013-0229 | Vulnerability Database | Aqua Security

The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.

Affected Software

Name	Vendor	Start Version	End Version
Miniupnpd	Miniupnp_project	*	1.3 (including)
Miniupnpd	Miniupnp_project	1.0 (including)	1.0 (including)
Miniupnpd	Miniupnp_project	1.1 (including)	1.1 (including)
Miniupnpd	Miniupnp_project	1.2 (including)	1.2 (including)
Miniupnpc	Ubuntu	upstream	*

References

https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-0229
CWE	https://cwe.mitre.org/data/definitions/.html