Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 729302 (CVE-2020-12695)

Summary: [Tracker] CallStranger UPnP vulnerability (CVE-2020-12695)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.callstranger.com/
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 727542, 729306, 729946, 757297    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-23 12:23:00 UTC 
Description:
"The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-15 04:15:46 UTC 
Dead tracker.