Vulnerabilites related to libupnp_project - libupnp
Vulnerability from fkie_nvd
Published
2017-03-07 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libupnp_project | libupnp | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29A492AC-F144-4DBB-ABA1-FC075D81856F",
"versionEndIncluding": "1.6.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n create_url_list en gena/gena_device.c en Portable UPnP SDK (tambi\u00e9n conocido como libupnp) en versiones anteriores a 1.6.21 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una URl v\u00e1lida seguida de una inv\u00e1lida en la cabecera CALLBACK de una petici\u00f3n SUBSCRIBE."
}
],
"id": "CVE-2016-8863",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-07T16:59:01.493",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92849"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/pupnp/bugs/133/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2016/dsa-3736"
},
{
"source": "cve@mitre.org",
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/pupnp/bugs/133/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2016/dsa-3736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/research/tra-2017-10"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-31 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libupnp_project | libupnp | 1.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7A94CC-EBC3-4DFC-8342-63C3552F1907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n de unique_service_name en ssdp/ssdp_server.c en el analizador SSDP en el SDK port\u00e1til para dispositivos UPnP (alias libupnp, anteriormente el SDK Intel para dispositivos UPnP) v1.3.1 que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un campo long UDN (alias dispositivo) de un paquete UDP."
}
],
"evaluatorImpact": "Per CERT\u0027s advisory additional products may be affected: http://www.kb.cert.org/vuls/id/922681 \"Hundreds of vendors have used the libupnp library in their products, many of which are acting as the home routers for consumer networks. Any application linking to libupnp is likely to be affected\"",
"id": "CVE-2012-5961",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-31T21:55:01.207",
"references": [
{
"source": "cret@cert.org",
"url": "http://pupnp.sourceforge.net/ChangeLog"
},
{
"source": "cret@cert.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
},
{
"source": "cret@cert.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"source": "cret@cert.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"source": "cret@cert.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"source": "cret@cert.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2013/dsa-2614"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2013/dsa-2615"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/57602"
},
{
"source": "cret@cert.org",
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"source": "cret@cert.org",
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"source": "cret@cert.org",
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"source": "cret@cert.org",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pupnp.sourceforge.net/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/57602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-04 20:15
Modified
2024-11-21 05:01
Severity ?
Summary
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libupnp_project | libupnp | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92BB7079-C245-481E-A592-D88889DC1D95",
"versionEndIncluding": "1.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c."
},
{
"lang": "es",
"value": "Portable UPnP SDK (tambi\u00e9n se conoce como libupnp) versiones 1.12.1 y anteriores, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un mensaje SSDP dise\u00f1ado debido a una desreferencia del puntero NULL en las funciones FindServiceControlURLPath y FindServiceEventURLPath en el archivo genlib/service_table/service_table.c"
}
],
"id": "CVE-2020-13848",
"lastModified": "2024-11-21T05:01:59.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-04T20:15:12.050",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pupnp/pupnp/issues/177"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pupnp/pupnp/issues/177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-07 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| libupnp_project | libupnp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29A492AC-F144-4DBB-ABA1-FC075D81856F",
"versionEndIncluding": "1.6.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler."
},
{
"lang": "es",
"value": "Portable UPnP SDK (tambi\u00e9n conocido como libupnp) en versiones anteriores a 1.6.21 permite a atacantes remotos escribir a archivos arbitrarios en el webroot a trav\u00e9s de una petici\u00f3n POST sin un contralodor registrado."
}
],
"id": "CVE-2016-6255",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-07T16:59:00.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3736"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/13"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92050"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/mjg59/status/755062278513319936"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/40589/"
},
{
"source": "cve@mitre.org",
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/mjg59/status/755062278513319936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40589/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/research/tra-2017-10"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-31 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libupnp_project | libupnp | * | |
| libupnp_project | libupnp | 1.4.0 | |
| libupnp_project | libupnp | 1.4.1 | |
| libupnp_project | libupnp | 1.4.2 | |
| libupnp_project | libupnp | 1.4.3 | |
| libupnp_project | libupnp | 1.4.4 | |
| libupnp_project | libupnp | 1.4.5 | |
| libupnp_project | libupnp | 1.4.6 | |
| libupnp_project | libupnp | 1.4.7 | |
| libupnp_project | libupnp | 1.6.0 | |
| libupnp_project | libupnp | 1.6.1 | |
| libupnp_project | libupnp | 1.6.2 | |
| libupnp_project | libupnp | 1.6.3 | |
| libupnp_project | libupnp | 1.6.4 | |
| libupnp_project | libupnp | 1.6.5 | |
| libupnp_project | libupnp | 1.6.6 | |
| libupnp_project | libupnp | 1.6.7 | |
| libupnp_project | libupnp | 1.6.8 | |
| libupnp_project | libupnp | 1.6.9 | |
| libupnp_project | libupnp | 1.6.10 | |
| libupnp_project | libupnp | 1.6.11 | |
| libupnp_project | libupnp | 1.6.12 | |
| libupnp_project | libupnp | 1.6.13 | |
| libupnp_project | libupnp | 1.6.14 | |
| libupnp_project | libupnp | 1.6.15 | |
| libupnp_project | libupnp | 1.6.16 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE41E67-9E78-4C12-8E39-C9F78D4A0780",
"versionEndIncluding": "1.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90DE5933-78E5-4D2E-8298-9FF6D3E8B13D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1610A555-A92F-447C-A3A2-380EE0E2D92A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EB0C576-10C0-4908-9196-B727DD5B57BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8110DB-EBA7-405E-BA1A-3392855938B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0CA3603A-B7A4-40D9-9A41-4CF190AED62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "14DD33E0-C89D-43DD-BA50-210BA586106C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8ECD8AE2-44DF-4745-92EE-3544632334DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9F1C0B-FE77-43C0-A7D8-194B1679B6A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAB1B2E-E2B2-4FA8-8378-56DF6605D4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "587F364D-9FEA-4D51-AA8C-36B002A2D4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0E18E58C-D60B-48EB-BE2F-A780F1134FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8821D34D-AFA8-4731-94B3-012D40A13659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3C9F1F-1DA4-45F8-801E-6864D7FC84F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F60BFD1D-33FE-4D1C-95BE-7544CECFEDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58CC147F-E4F7-4DE8-95E0-AD85450C90E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "850AEC5A-F477-408C-8C57-703A3AD32FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "421F7B7A-6B3A-433F-97DA-DB9272967529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F57EECF-DBDB-4DD3-9628-04B160CACC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "132B0808-1754-415A-9C28-46C61849FBE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA8C2E3-AB91-4207-9F3C-5547614AD435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC02DA1B-6206-4A8F-83EB-CE71811B98D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B28AA873-F88C-4FF8-8EE0-034762CBF8D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "55070B65-0791-4607-B8B4-1EE0F9A16B18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F760CF-5E09-407B-988B-8EE56A2A7D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D7246DBA-8B81-4DAA-BBD4-2DD6B368D250",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en la pila en la funci\u00f3n unique_service_name en ssdp/ssdp_server.c en el validador SSDP del SDK para dispositivos UPnP (tambi\u00e9n conocido como libupnp, anteriormente el SDK Intel para dispositivos UPnP) v1.6.18 que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete UDP con una cadena modificada que no es manejada adecuadamente despu\u00e9s de la resta de un determinado puntero."
}
],
"evaluatorImpact": "Per CERT\u0027s advisory additional products may be affected: http://www.kb.cert.org/vuls/id/922681\n\n\"Hundreds of vendors have used the libupnp library in their products, many of which are acting as the home routers for consumer networks. Any application linking to libupnp is likely to be affected\"",
"id": "CVE-2012-5958",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-31T21:55:01.037",
"references": [
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html"
},
{
"source": "cret@cert.org",
"url": "http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html"
},
{
"source": "cret@cert.org",
"url": "http://pupnp.sourceforge.net/ChangeLog"
},
{
"source": "cret@cert.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
},
{
"source": "cret@cert.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"source": "cret@cert.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"source": "cret@cert.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"source": "cret@cert.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2013/dsa-2614"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2013/dsa-2615"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/57602"
},
{
"source": "cret@cert.org",
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"source": "cret@cert.org",
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"source": "cret@cert.org",
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"source": "cret@cert.org",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
},
{
"source": "cret@cert.org",
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pupnp.sourceforge.net/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/57602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/research/tra-2017-10"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-8863 (GCVE-0-2016-8863)
Vulnerability from cvelistv5
Published
2017-03-07 16:00
Modified
2024-08-06 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/p/pupnp/bugs/133/ | x_refsource_CONFIRM | |
| https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201701-52 | vendor-advisory, x_refsource_GENTOO | |
| https://www.debian.org/security/2016/dsa-3736 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.tenable.com/security/research/tra-2017-10 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/92849 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:01.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/pupnp/bugs/133/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"name": "GLSA-201701-52",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"name": "DSA-3736",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3736"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "92849",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92849"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-02T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/pupnp/bugs/133/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"name": "GLSA-201701-52",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"name": "DSA-3736",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3736"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "92849",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92849"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/pupnp/bugs/133/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/pupnp/bugs/133/"
},
{
"name": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"name": "GLSA-201701-52",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"name": "DSA-3736",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3736"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-10",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "92849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92849"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8863",
"datePublished": "2017-03-07T16:00:00",
"dateReserved": "2016-10-20T00:00:00",
"dateUpdated": "2024-08-06T02:35:01.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6255 (GCVE-0-2016-6255)
Vulnerability from cvelistv5
Published
2017-03-07 16:00
Modified
2024-08-06 01:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/07/20/5 | mailing-list, x_refsource_MLIST | |
| https://twitter.com/mjg59/status/755062278513319936 | x_refsource_MISC | |
| https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd | x_refsource_MISC | |
| https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201701-52 | vendor-advisory, x_refsource_GENTOO | |
| https://www.exploit-db.com/exploits/40589/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.tenable.com/security/research/tra-2017-10 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2016/07/18/13 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2016/dsa-3736 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/92050 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160720 Re: libupnp write files via POST",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/mjg59/status/755062278513319936"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"name": "GLSA-201701-52",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"name": "40589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40589/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "[oss-security] 20160718 libupnp write files via POST",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/13"
},
{
"name": "DSA-3736",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3736"
},
{
"name": "92050",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-02T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160720 Re: libupnp write files via POST",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/mjg59/status/755062278513319936"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"name": "GLSA-201701-52",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"name": "40589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40589/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "[oss-security] 20160718 libupnp write files via POST",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/13"
},
{
"name": "DSA-3736",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3736"
},
{
"name": "92050",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160720 Re: libupnp write files via POST",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/5"
},
{
"name": "https://twitter.com/mjg59/status/755062278513319936",
"refsource": "MISC",
"url": "https://twitter.com/mjg59/status/755062278513319936"
},
{
"name": "https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd",
"refsource": "MISC",
"url": "https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"
},
{
"name": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"name": "GLSA-201701-52",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"name": "40589",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40589/"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-10",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "[oss-security] 20160718 libupnp write files via POST",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/13"
},
{
"name": "DSA-3736",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3736"
},
{
"name": "92050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6255",
"datePublished": "2017-03-07T16:00:00",
"dateReserved": "2016-07-20T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5958 (GCVE-0-2012-5958)
Vulnerability from cvelistv5
Published
2013-01-31 21:00
Modified
2024-08-06 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
},
{
"name": "MDVSA-2013:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "DSA-2615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"name": "DSA-2614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2614"
},
{
"name": "57602",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57602"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pupnp.sourceforge.net/ChangeLog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"name": "VU#922681",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "openSUSE-SU-2013:0255",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-28T18:06:30",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
},
{
"name": "MDVSA-2013:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "DSA-2615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"name": "DSA-2614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2614"
},
{
"name": "57602",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57602"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pupnp.sourceforge.net/ChangeLog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"name": "VU#922681",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "openSUSE-SU-2013:0255",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-5958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
},
{
"name": "MDVSA-2013:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"name": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf",
"refsource": "MISC",
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "DSA-2615",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2615"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"name": "DSA-2614",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2614"
},
{
"name": "57602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57602"
},
{
"name": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb",
"refsource": "MISC",
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"name": "http://pupnp.sourceforge.net/ChangeLog",
"refsource": "CONFIRM",
"url": "http://pupnp.sourceforge.net/ChangeLog"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"name": "VU#922681",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-10",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "openSUSE-SU-2013:0255",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
},
{
"name": "http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-5958",
"datePublished": "2013-01-31T21:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13848 (GCVE-0-2020-13848)
Vulnerability from cvelistv5
Published
2020-06-04 19:55
Modified
2024-08-04 12:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pupnp/pupnp/issues/177 | x_refsource_MISC | |
| https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:13.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pupnp/pupnp/issues/177"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0"
},
{
"name": "[debian-lts-announce] 20200608 [SECURITY] [DLA 2238-1] libupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html"
},
{
"name": "openSUSE-SU-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html"
},
{
"name": "openSUSE-SU-2020:0821",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html"
},
{
"name": "[debian-lts-announce] 20210307 [SECURITY] [DLA 2585-1] libupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-08T00:06:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pupnp/pupnp/issues/177"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0"
},
{
"name": "[debian-lts-announce] 20200608 [SECURITY] [DLA 2238-1] libupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html"
},
{
"name": "openSUSE-SU-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html"
},
{
"name": "openSUSE-SU-2020:0821",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html"
},
{
"name": "[debian-lts-announce] 20210307 [SECURITY] [DLA 2585-1] libupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pupnp/pupnp/issues/177",
"refsource": "MISC",
"url": "https://github.com/pupnp/pupnp/issues/177"
},
{
"name": "https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0",
"refsource": "MISC",
"url": "https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0"
},
{
"name": "[debian-lts-announce] 20200608 [SECURITY] [DLA 2238-1] libupnp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html"
},
{
"name": "openSUSE-SU-2020:0805",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html"
},
{
"name": "openSUSE-SU-2020:0821",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html"
},
{
"name": "[debian-lts-announce] 20210307 [SECURITY] [DLA 2585-1] libupnp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13848",
"datePublished": "2020-06-04T19:55:34",
"dateReserved": "2020-06-04T00:00:00",
"dateUpdated": "2024-08-04T12:32:13.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5961 (GCVE-0-2012-5961)
Vulnerability from cvelistv5
Published
2013-01-31 21:00
Modified
2024-08-06 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
},
{
"name": "MDVSA-2013:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "DSA-2615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"name": "DSA-2614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2614"
},
{
"name": "57602",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57602"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pupnp.sourceforge.net/ChangeLog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"name": "VU#922681",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-12T18:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
},
{
"name": "MDVSA-2013:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "DSA-2615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"name": "DSA-2614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2614"
},
{
"name": "57602",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57602"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pupnp.sourceforge.net/ChangeLog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"name": "VU#922681",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-5961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
},
{
"name": "MDVSA-2013:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"name": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf",
"refsource": "MISC",
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "DSA-2615",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2615"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"name": "DSA-2614",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2614"
},
{
"name": "57602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57602"
},
{
"name": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb",
"refsource": "MISC",
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"name": "http://pupnp.sourceforge.net/ChangeLog",
"refsource": "CONFIRM",
"url": "http://pupnp.sourceforge.net/ChangeLog"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"name": "VU#922681",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-5961",
"datePublished": "2013-01-31T21:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}