CVE-2021-29462 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-29462 Interim 1 5 2025-02-17T00:44:32Z current 2021-09-30T01:40:32Z 2025-02-17T00:44:32Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-29462 The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.4 openSUSE Tumbleweed libixml11-1.14.10-1.2 libixml11-1.14.12-bp154.1.66 libixml11-32bit-1.14.10-1.2 libupnp-devel-1.14.10-1.2 libupnp17-1.14.10-1.2 libupnp17-1.14.12-bp154.1.66 libupnp17-32bit-1.14.10-1.2 libixml11-1.14.12-bp154.1.66 as a component of openSUSE Leap 15.4 libupnp17-1.14.12-bp154.1.66 as a component of openSUSE Leap 15.4 libixml11-1.14.10-1.2 as a component of openSUSE Tumbleweed libixml11-32bit-1.14.10-1.2 as a component of openSUSE Tumbleweed libupnp-devel-1.14.10-1.2 as a component of openSUSE Tumbleweed libupnp17-1.14.10-1.2 as a component of openSUSE Tumbleweed libupnp17-32bit-1.14.10-1.2 as a component of openSUSE Tumbleweed The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. CVE-2021-29462 openSUSE Leap 15.4:libixml11-1.14.12-bp154.1.66 openSUSE Leap 15.4:libupnp17-1.14.12-bp154.1.66 openSUSE Tumbleweed:libixml11-1.14.10-1.2 openSUSE Tumbleweed:libixml11-32bit-1.14.10-1.2 openSUSE Tumbleweed:libupnp-devel-1.14.10-1.2 openSUSE Tumbleweed:libupnp17-1.14.10-1.2 openSUSE Tumbleweed:libupnp17-32bit-1.14.10-1.2 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H