CVE-2022-26505

EUVD-2022-31063
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
readymedia_projectreadymedia
𝑥
< 1.3.1
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
minidlna
bookworm
1.3.0+dfsg-2.2+deb12u1
fixed
bookworm (security)
1.3.0+dfsg-2.2+deb12u1
fixed
bullseye
1.3.0+dfsg-2+deb11u2
fixed
bullseye (security)
1.3.0+dfsg-2+deb11u2
fixed
sid
1.3.3+dfsg-1.1
fixed
trixie
1.3.3+dfsg-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
minidlna
bionic
Fixed 1.2.1+dfsg-1ubuntu0.18.04.1+esm1
released
focal
Fixed 1.2.1+dfsg-1ubuntu0.20.04.2
released
impish
dne
jammy
Fixed 1.3.0+dfsg-2.1ubuntu0.1
released
kinetic
ignored
lunar
not-affected
mantic
not-affected
trusty
dne
xenial
Fixed 1.1.5+dfsg-2ubuntu0.1+esm1
released
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2022/03/06/1
https://lists.debian.org/debian-lts-announce/2022/04/msg00005.html
https://security.gentoo.org/glsa/202311-12
https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940/
https://www.openwall.com/lists/oss-security/2022/03/03/1
http://www.openwall.com/lists/oss-security/2022/03/06/1
https://lists.debian.org/debian-lts-announce/2022/04/msg00005.html
https://security.gentoo.org/glsa/202311-12
https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940/
https://www.openwall.com/lists/oss-security/2022/03/03/1