CVE-2012-5958
Summary
| CVE | CVE-2012-5958 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-01-31 21:55:00 UTC |
| Updated | 2020-11-28 19:15:00 UTC |
| Description | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Libupnp Project | Libupnp | 1.4.0 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.1 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.2 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.3 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.4 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.5 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.6 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.7 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.0 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.1 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.10 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.11 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.12 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.13 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.14 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.15 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.16 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.2 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.3 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.4 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.5 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.6 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.7 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.8 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.9 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.0 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.1 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.2 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.3 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.4 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.5 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.6 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.4.7 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.0 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.1 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.10 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.11 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.12 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.13 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.14 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.15 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.16 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.2 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.3 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.4 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.5 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.6 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.7 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.8 | All | All | All |
| Application | Libupnp Project | Libupnp | 1.6.9 | All | All | All |
| Application | Libupnp Project | Libupnp | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Information Security: Security Flaws in Univers... | SecurityStreet | MISC | community.rapid7.com | |
| community.rapid7.com/servlet/servlet.FileDownload | MISC | community.rapid7.com | |
| Cisco Security Advisory: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities | CISCO | tools.cisco.com | |
| Support/Advisories/MGASA-2013-0037 - Mageia wiki | CONFIRM | wiki.mageia.org | |
| openSUSE-SU-2013:0255-1: moderate: update for libupnp | SUSE | lists.opensuse.org | |
| libupnp 1.6.18 Denial Of Service ≈ Packet Storm | MISC | packetstormsecurity.com | |
| tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1... | CONFIRM | tsd.dlink.com.tw | |
| Debian -- Security Information -- DSA-2615-1 libupnp4 | DEBIAN | www.debian.org | |
| [R1] Debian MediaTomb (fork) Multiple Remote Vulnerabilities - Research Advisory | Tenable® | MISC | www.tenable.com | |
| libupnp Multiple Buffer Overflow Vulnerabilities | BID | www.securityfocus.com | Exploit |
| community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf | MISC | community.rapid7.com | |
| tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf | CONFIRM | tsd.dlink.com.tw | |
| tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf | CONFIRM | tsd.dlink.com.tw | |
| Support / Security / Advisories / / MDVSA-2013:098 | Mandriva | MANDRIVA | www.mandriva.com | |
| pupnp.sourceforge.net/ChangeLog | CONFIRM | pupnp.sourceforge.net | |
| Vulnerability Note VU#922681 - Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP | CERT-VN | www.kb.cert.org | Patch, US Government Resource |
| tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_W... | CONFIRM | tsd.dlink.com.tw | |
| Debian -- Security Information -- DSA-2614-1 libupnp | DEBIAN | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.