[Git][security-tracker-team/security-tracker][master] Correct status on CVE-2019-12111/miniupnpd for stretch

Salvatore Bonaccorso carnil at debian.org
Thu Jan 16 05:53:12 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc378b4b by Salvatore Bonaccorso at 2020-01-16T06:52:53+01:00
Correct status on CVE-2019-12111/miniupnpd for stretch

The copyIPv6IfDifferent helper was only introduce in
https://github.com/miniupnp/miniupnp/commit/3b12b8fb4e64e90a6319ae0aef3c240a44093439

But the CVE is relating to a NULL pointer dereference in
copyIPv6IfDifferent in pcpserver.c due to not checking the src argument.
This is not done as well before the above upstream commit introducing
the helper function, so one can argue that the CVE-2019-12111 applies to
earlier versions as well.

Thanks: Markus Linnala
Fixes: 8888a5e59b0b ("Mark CVE-2019-12111/miniupnpd as not-affected")

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38392,8 +38392,10 @@ CVE-2019-12112
 CVE-2019-12111 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
 	{DLA-1811-1}
 	- miniupnpd 2.1-6 (bug #930050)
-	[stretch] - miniupnpd <not-affected> (Vulnerable code introduced later)
-	NOTE: https://github.com/miniupnp/miniupnp/commit/cb8a02af7a5677cf608e86d57ab04241cf34e24f
+	[stretch] - miniupnpd <no-dsa> (Minor issue)
+	NOTE: copyIPv6IfDifferent helper introduced in https://github.com/miniupnp/miniupnp/commit/3b12b8fb4e64e90a6319ae0aef3c240a44093439
+	NOTE: but possible NULL pointer dereference on the respective argument is present before.
+	NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/cb8a02af7a5677cf608e86d57ab04241cf34e24f
 CVE-2019-12110 (An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnP ...)
 	{DLA-1811-1}
 	- miniupnpd 2.1-6 (bug #930050)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc378b4bb39f03e0e6c9878df9f08a088023805e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc378b4bb39f03e0e6c9878df9f08a088023805e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200116/360db1bb/attachment.html>

More information about the debian-security-tracker-commits mailing list