Package libgupnp1.2 updated to version 1.2.3-alt1 for branch sisyphus in task 253858.

Published: 2021-03-15
Modified: 2023-11-21

BDU:2021-01329

Уязвимость спецификации Open Connectivity Foundation UPnP, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:C

References:

CVE-2020-12695

Published: 2020-06-08
Modified: 2024-11-21

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Severity: HIGH (7.8) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:C

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

References:

Version: 2.1.2

Package libgupnp1.2 update in sisyphus on 2020-06-23

ALT-PU-2020-2224-1

Closed vulnerabilities

BDU:2021-01329

CVE-2020-12695