{"id":"CVE-2019-12108","details":"A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.","modified":"2026-02-11T11:43:24.381252Z","published":"2019-05-15T23:29:00.607Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html"},{"type":"WEB","url":"https://usn.ubuntu.com/4542-1/"},{"type":"ADVISORY","url":"https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c"},{"type":"ADVISORY","url":"https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692"},{"type":"ADVISORY","url":"https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp"},{"type":"FIX","url":"https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c"},{"type":"FIX","url":"https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692"},{"type":"FIX","url":"https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp"},{"type":"EVIDENCE","url":"https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miniupnp/miniupnp","events":[{"introduced":"0"},{"fixed":"13585f15c7f7dc28bbbba1661efb280d530d114c"},{"introduced":"0"},{"fixed":"86030db849260dd8fb2ed975b9890aef1b62b692"}]}],"versions":["minissdpd_1_2","minissdpd_1_4","minissdpd_1_5","miniupnpc_1_7","miniupnpc_1_8","miniupnpc_1_9","miniupnpc_2_0","miniupnpc_2_1","miniupnpd_1_7","miniupnpd_1_8","miniupnpd_1_9","miniupnpd_2_0","miniupnpd_2_1"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c","signature_type":"Function","deprecated":false,"target":{"function":"GetOutboundPinholeTimeout","file":"miniupnpd/upnpsoap.c"},"id":"CVE-2019-12108-05bb41a2","signature_version":"v1","digest":{"function_hash":"71234039086997178367485117544271644435","length":1325}},{"source":"https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692","signature_type":"Line","deprecated":false,"target":{"file":"miniupnpd/upnpsoap.c"},"id":"CVE-2019-12108-26dffd12","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["64415667816614439221810368534374882748","46776556512540516748005953614856017541","262941448103799079676414217496844234586","185857199545920684583064817506350996136"]}},{"source":"https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692","signature_type":"Function","deprecated":false,"target":{"function":"GetOutboundPinholeTimeout","file":"miniupnpd/upnpsoap.c"},"id":"CVE-2019-12108-39e533b7","signature_version":"v1","digest":{"function_hash":"183201488857174121539249514163529004705","length":1439}},{"source":"https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c","signature_type":"Line","deprecated":false,"target":{"file":"miniupnpd/upnpsoap.c"},"id":"CVE-2019-12108-cb43a28a","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["5593300419432615200973628329977550124","282311576490144500094238455818010610431","4122044120206916469799491856609136226"]}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12108.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}