What is CVE-2012-5960?

CVE-2012-5960 is a vulnerability in Portable_sdk_for_upnp_project Portable_sdk_for_upnp, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-01-31.

Is CVE-2012-5960 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Portable_sdk_for_upnp_project Portable_sdk_for_upnp

CVE-2012-5960

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to e…

Vulnerability class: Buffer Overflow

EPSS: 0.560 (98.1th percentile) — read the EPSS interpretation.

Affected products

Portable_sdk_for_upnp_project Portable_sdk_for_upnp — versions 1.4.0, 1.4.1, 1.4.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities (x_refsource_CISCO, vendor-advisory)
MDVSA-2013:098 (vendor-advisory, x_refsource_MANDRIVA)
cret@cert.org (x_refsource_MISC)
DSA-2615 (vendor-advisory, x_refsource_DEBIAN)
DSA-2614 (vendor-advisory, x_refsource_DEBIAN)
57602 (Exploit, vdb-entry, x_refsource_BID)
cret@cert.org (x_refsource_MISC)
cret@cert.org (x_refsource_CONFIRM)
cret@cert.org (x_refsource_MISC)
VU#922681 (x_refsource_CERT-VN, US Government Resource, Patch, third-party-advisory)

Frequently asked questions

What is CVE-2012-5960?: CVE-2012-5960 is a vulnerability in Portable_sdk_for_upnp_project Portable_sdk_for_upnp, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-01-31.
Is CVE-2012-5960 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.