MidnightBSD

Advisories for libupnp_project

CVE-2012-5958 HIGH

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libupnp_project libupnp 1.6.5
libupnp_project libupnp 1.4.2
libupnp_project libupnp 1.6.1
libupnp_project libupnp 1.6.14
libupnp_project libupnp 1.6.2
libupnp_project libupnp 1.6.11
libupnp_project libupnp 1.4.3
libupnp_project libupnp 1.6.4
libupnp_project libupnp 1.6.13
libupnp_project libupnp 1.6.8
libupnp_project libupnp 1.4.4
libupnp_project libupnp 1.4.5
libupnp_project libupnp 1.4.6
libupnp_project libupnp 1.6.10
libupnp_project libupnp 1.6.3
libupnp_project libupnp 1.6.9
libupnp_project libupnp 1.4.1
libupnp_project libupnp 1.6.0
libupnp_project libupnp 1.6.15
libupnp_project libupnp 1.6.6
libupnp_project libupnp 1.4.0
libupnp_project libupnp 1.6.16
libupnp_project libupnp *
libupnp_project libupnp 1.6.7
libupnp_project libupnp 1.4.7
libupnp_project libupnp 1.6.12
CVE-2012-5961 HIGH

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libupnp_project libupnp 1.3.1
CVE-2016-6255 MEDIUM

Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libupnp_project libupnp *
CVE-2016-8863 HIGH

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libupnp_project libupnp *
CVE-2020-13848 MEDIUM

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libupnp_project libupnp *