Join us for The Remediation Summit on Dec. 9
Register for Free

CVE-2012-5958

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.

  • OS
    Any OS
  • Version
    Any Version
  • Type
    Any Type

5 fixes found:

    Version Update

    [SECURITY] [DSA 2614-1] libupnp security update
    Published Date:Feb 2, 2013
    Updated Date:Feb 2, 2013
    Source:Debian6
    Affected Packages:

    libupnp-1.6.6

    Version Update

    [SECURITY] [DSA 2615-1] libupnp4 security update
    Published Date:Feb 2, 2013
    Updated Date:Feb 2, 2013
    Source:Debian6
    Affected Packages:

    libupnp4-1.8.0~svn20100507

  • Version Update

    libupnp: Arbitrary code execution
    Published Date:Mar 26, 2014
    Updated Date:Mar 26, 2014
    Source:Gentoo
    • Version Update

      Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
      Published Date:Jan 29, 2013
      NaN
      • Version Update

        upnp -- multiple vulnerabilities
        Published Date:Nov 21, 2012
        Updated Date:Nov 21, 2012
        Source:FreeBSD