Home

CVE-2021-33516

Description

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victims browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.368

Associated Vulnerability

VulnerabilityOS Platform
framework for creating UPnP devices and control points (USN-4970-1) libgupnp-1.2-0_1.2.3-0ubuntu0.20.04.2_i386.debLinux
framework for creating UPnP devices and control points (USN-4970-1) libgupnp-1.2-0_1.2.3-0ubuntu0.20.04.2_amd64.debLinux
framework for creating UPnP devices and control points (USN-4970-1) libgupnp-1.2-0_1.2.4-1ubuntu0.20.10.1_i386.debLinux
framework for creating UPnP devices and control points (USN-4970-1) libgupnp-1.2-0_1.2.4-1ubuntu0.20.10.1_amd64.debLinux
framework for creating UPnP devices and control points (USN-4970-1) libgupnp-1.2-0_1.2.4-1ubuntu0.21.04.1_i386.debLinux
framework for creating UPnP devices and control points (USN-4970-1) libgupnp-1.2-0_1.2.4-1ubuntu0.21.04.1_amd64.debLinux
(RHSA-2021:2363) gupnp security update gupnp-1.0.6-2.el8_4.i686.rpmLinux
(RHSA-2021:2363) gupnp security update gupnp-1.0.6-2.el8_4.x86_64.rpmLinux
(RHSA-2021:2363) gupnp security update gupnp-debugsource-1.0.6-2.el8_4.i686.rpmLinux
(RHSA-2021:2363) gupnp security update gupnp-debugsource-1.0.6-2.el8_4.x86_64.rpmLinux
Gupnp update (ELSA-2021-2417) gupnp-1.0.2-6.el7_9.i686.rpmLinux
Gupnp update (ELSA-2021-2417) gupnp-1.0.2-6.el7_9.x86_64.rpmLinux
Gupnp-devel update (ELSA-2021-2417) gupnp-devel-1.0.2-6.el7_9.i686.rpmLinux
Gupnp-devel update (ELSA-2021-2417) gupnp-devel-1.0.2-6.el7_9.x86_64.rpmLinux
Gupnp-docs update (ELSA-2021-2417) gupnp-docs-1.0.2-6.el7_9.noarch.rpmLinux
(RHSA-2021:2417) gupnp security update gupnp-1.0.2-6.el7_9.i686.rpmLinux
(RHSA-2021:2417) gupnp security update gupnp-1.0.2-6.el7_9.x86_64.rpmLinux
(RHSA-2021:2417) gupnp security update gupnp-devel-1.0.2-6.el7_9.i686.rpmLinux
(RHSA-2021:2417) gupnp security update gupnp-devel-1.0.2-6.el7_9.x86_64.rpmLinux
(RHSA-2021:2417) gupnp security update gupnp-docs-1.0.2-6.el7_9.noarch.rpmLinux
gupnp security update (RLSA-2021:2363) gupnp-1.0.6-2.el8_4.i686.rpmLinux
gupnp security update (RLSA-2021:2363) gupnp-1.0.6-2.el8_4.x86_64.rpmLinux
SUSE-SU-2021:2153-1(SUSE Linux Enterprise Module for Desktop Applications 15-SP3 ) libgupnp-1_2-0-1.2.2-3.3.1.x86_64.rpmLinux
SUSE-SU-2021:2153-1(SUSE Linux Enterprise Module for Desktop Applications 15-SP3 ) gupnp-debugsource-1.2.2-3.3.1.x86_64.rpmLinux
SUSE-SU-2021:2153-1(SUSE Linux Enterprise Module for Desktop Applications 15-SP3 ) libgupnp-1_2-0-debuginfo-1.2.2-3.3.1.x86_64.rpmLinux
(RHSA-2021:2363)Important: security update gupnp-debuginfo-1.0.6-2.el8_4.i686.rpmLinux
(RHSA-2021:2363)Important: security update gupnp-debuginfo-1.0.6-2.el8_4.x86_64.rpmLinux
(RHSA-2021:2417)Important: security update gupnp-debuginfo-1.0.2-6.el7_9.i686.rpmLinux
(RHSA-2021:2417)Important: security update gupnp-debuginfo-1.0.2-6.el7_9.x86_64.rpmLinux
framework for creating UPnP devices and control points (USN-4970-1) libgupnp-1.2-0_1.2.3-0ubuntu0.20.04.2_i386.debLinux
Gupnp update (ELSA-2021-2363) gupnp-1.0.6-2.el8_4.i686.rpmLinux
Gupnp update (ELSA-2021-2363) gupnp-1.0.6-2.el8_4.x86_64.rpmLinux
gupnp Security Update (ALAS-2021-1673) gupnp-1.0.2-6.amzn2.i686.rpmLinux
gupnp Security Update (ALAS-2021-1673) gupnp-1.0.2-6.amzn2.x86_64.rpmLinux
gupnp Security Update (ALAS-2021-1673) gupnp-docs-1.0.2-6.amzn2.noarch.rpmLinux
gupnp Security Update (ALAS-2021-1673) gupnp-devel-1.0.2-6.amzn2.x86_64.rpmLinux
Important: gupnp security update gupnp-1.0.6-2.el8_4.i686.rpmLinux
Important: gupnp security update gupnp-1.0.6-2.el8_4.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234