Back to search
CVE-2012-5959
Published: Jan 31, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
vendor-advisory
x_refsource_CISCO
MDVSA-2013:098
vendor-advisory
x_refsource_MANDRIVA
DSA-2615
vendor-advisory
x_refsource_DEBIAN
DSA-2614
vendor-advisory
x_refsource_DEBIAN
57602
vdb-entry
x_refsource_BID
http://pupnp.sourceforge.net/ChangeLog
x_refsource_CONFIRM
VU#922681
third-party-advisory
x_refsource_CERT-VN
https://www.tenable.com/security/research/tra-2017-10
x_refsource_MISC
openSUSE-SU-2013:0255
vendor-advisory
x_refsource_SUSE
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now