MidnightBSD

Advisories for portable_sdk_for_upnp_project

CVE-2012-5959 HIGH

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
portable_sdk_for_upnp_project portable_sdk_for_upnp *
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.6
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.8
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.5
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.3
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.4
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.2
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.5
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.13
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.14
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.7
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.2
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.7
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.1
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.4
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.16
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.15
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.0
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.0
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.12
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.11
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.3
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.10
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.9
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.1
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.6
CVE-2012-5960 HIGH

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
portable_sdk_for_upnp_project portable_sdk_for_upnp *
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.6
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.8
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.5
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.3
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.4
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.2
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.5
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.13
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.14
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.7
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.2
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.7
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.1
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.4
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.16
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.15
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.0
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.0
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.12
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.11
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.3
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.10
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.9
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.1
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.6
CVE-2012-5962 HIGH

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn) field in a UDP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.3.1
CVE-2012-5963 HIGH

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.3.1
CVE-2012-5964 HIGH

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType (aka urn service) field in a UDP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.3.1
CVE-2012-5965 HIGH

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.3.1