Lucene search
K
Libupnp ProjectLibupnp

5 matches found

CVE
CVE
•added 2013/01/31 9:0 p.m.•277 views

CVE-2012-5958

CVE-2012-5958 is a stack-based buffer overflow in the unique_service_name() function of the SSDP parser in the Portable SDK for UPnP Devices (libupnp). It allows remote attackers to execute arbitrary code via crafted SSDP/UPnP traffic before version 1.6.18. Public advisories note the vulnerabilit...

10CVSS7.8AI score0.82807EPSS
Web
CVE
CVE
•added 2020/06/04 7:55 p.m.•238 views

CVE-2020-13848

CVE-2020-13848 affects Portable UPnP SDK (libupnp) 1.12.1 and earlier. The vulnerability is a NULL pointer dereference in FindServiceControlURLPath and FindServiceEventURLPath inside genlib/service_table/service_table.c, exploitable via crafted SSDP messages to cause a denial of service (crash). ...

7.5CVSS7AI score0.03469EPSS
CVE
CVE
•added 2017/03/07 4:0 p.m.•106 views

CVE-2016-6255

CVE-2016-6255 affects libupnp (Portable UPnP SDK) before 1.6.21. A remote attacker can write arbitrary files in the webroot via a POST request to a UPnP HTTP server without a registered handler, enabling local file manipulation on vulnerable hosts. Connected sources show upstream fixes in libupnp...

7.5CVSS8.3AI score0.26818EPSS
Web
CVE
CVE
•added 2017/03/07 4:0 p.m.•93 views

CVE-2016-8863

CVE-2016-8863 affects the Portable UPnP SDK (libupnp) before 1.6.21. The heap-based overflow occurs in create_url_list (gena/gena_device.c) when processing a valid URI followed by an invalid one in the CALLBACK header of a SUBSCRIBE request. This can lead to a crash or potentially arbitrary code ...

9.8CVSS9.8AI score0.08488EPSS
CVE
CVE
•added 2013/01/31 9:0 p.m.•73 views

CVE-2012-5961

CVE-2012-5961 affects the Portable SDK for UPnP Devices (libupnp) 1.3.1, where a stack-based buffer overflow in unique_service_name() in ssdp/ssdp_server.c allows remote attackers to execute arbitrary code via a long UDN in a UDP packet. Connected advisories show multiple vendor updates (e.g., op...

10CVSS7.8AI score0.36925EPSS