5 matches found
CVE-2012-5958
CVE-2012-5958 is a stack-based buffer overflow in the unique_service_name() function of the SSDP parser in the Portable SDK for UPnP Devices (libupnp). It allows remote attackers to execute arbitrary code via crafted SSDP/UPnP traffic before version 1.6.18. Public advisories note the vulnerabilit...
CVE-2020-13848
CVE-2020-13848 affects Portable UPnP SDK (libupnp) 1.12.1 and earlier. The vulnerability is a NULL pointer dereference in FindServiceControlURLPath and FindServiceEventURLPath inside genlib/service_table/service_table.c, exploitable via crafted SSDP messages to cause a denial of service (crash). ...
CVE-2016-6255
CVE-2016-6255 affects libupnp (Portable UPnP SDK) before 1.6.21. A remote attacker can write arbitrary files in the webroot via a POST request to a UPnP HTTP server without a registered handler, enabling local file manipulation on vulnerable hosts. Connected sources show upstream fixes in libupnp...
CVE-2016-8863
CVE-2016-8863 affects the Portable UPnP SDK (libupnp) before 1.6.21. The heap-based overflow occurs in create_url_list (gena/gena_device.c) when processing a valid URI followed by an invalid one in the CALLBACK header of a SUBSCRIBE request. This can lead to a crash or potentially arbitrary code ...
CVE-2012-5961
CVE-2012-5961 affects the Portable SDK for UPnP Devices (libupnp) 1.3.1, where a stack-based buffer overflow in unique_service_name() in ssdp/ssdp_server.c allows remote attackers to execute arbitrary code via a long UDN in a UDP packet. Connected advisories show multiple vendor updates (e.g., op...