CVE-2016-8863
Summary
| CVE | CVE-2016-8863 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-03-07 16:59:00 UTC |
| Updated | 2017-11-03 01:29:00 UTC |
| Description | Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request. |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Portable UPnP SDK / Code / [0497e6] /ChangeLog | CONFIRM | sourceforge.net | Release Notes, Third Party Advisory |
| libupnp: Multiple vulnerabilities (GLSA 201701-52) — Gentoo security | GENTOO | security.gentoo.org | |
| [R1] Debian MediaTomb (fork) Multiple Remote Vulnerabilities - Research Advisory \| Tenable® | MISC | www.tenable.com | |
| Debian -- Security Information -- DSA-3736-1 libupnp | DEBIAN | www.debian.org | Third Party Advisory |
| Portable UPnP SDK / Bugs / #133 Heap Buffer Overflow in 1.6.x and 1.8.x | CONFIRM | sourceforge.net | Issue Tracking, Third Party Advisory |
| libupnp Heap Based Buffer Overflow Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710545 Gentoo Linux libupnp Multiple Vulnerabilities (GLSA 201701-52)