CVE-2017-8798

high-risk

Published 2017-05-11

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

Do I need to act?

23.5% chance of exploitation in next 30 days

EPSS score — higher than 77% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

43501

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (6)

Miniupnpd

Affected Vendors

Miniupnp Project

References (6)

Release Notes http://miniupnp.free.fr/files/changelog.php?file=miniupnpc-2.0.20170509.tar.gz

Exploit https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798

https://lists.debian.org/debian-lts-announce/2020/04/msg00027.html

Release Notes http://miniupnp.free.fr/files/changelog.php?file=miniupnpc-2.0.20170509.tar.gz

Exploit https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798

https://lists.debian.org/debian-lts-announce/2020/04/msg00027.html

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 14/34 · Moderate

Exposure 13/34 · Low