Buffer overflow in Libupnp_project Libupnp

CVE-2012-5961

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute a…

Vulnerability class: Buffer Overflow

EPSS: 0.723 (98.8th percentile) — read the EPSS interpretation.

Affected products

Libupnp_project Libupnp — versions 1.3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities (x_refsource_CISCO, vendor-advisory)
MDVSA-2013:098 (vendor-advisory, x_refsource_MANDRIVA)
cret@cert.org (x_refsource_CONFIRM)
cret@cert.org (x_refsource_MISC)
cret@cert.org (x_refsource_CONFIRM)
DSA-2615 (vendor-advisory, x_refsource_DEBIAN)
cret@cert.org (x_refsource_CONFIRM)
cret@cert.org (x_refsource_CONFIRM)
DSA-2614 (vendor-advisory, x_refsource_DEBIAN)
57602 (Exploit, vdb-entry, x_refsource_BID)