CVE-2020-13848

Summary

CVE	CVE-2020-13848
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-06-04 20:15:00 UTC
Updated	2021-03-08 01:15:00 UTC
Description	Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Application	Libupnp Project	Libupnp	All	All	All	All

References

Reference	Source	Link	Tags
[security-announce] openSUSE-SU-2020:0821-1: moderate: Security update f	SUSE	lists.opensuse.org
[SECURITY] [DLA 2238-1] libupnp security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
[security-announce] openSUSE-SU-2020:0805-1: moderate: Security update f	SUSE	lists.opensuse.org
NULL pointer dereference in FindServiceControlURLPath · Issue #177 · pupnp/pupnp · GitHub	MISC	github.com	Third Party Advisory
[SECURITY] [DLA 2585-1] libupnp security update	MLIST	lists.debian.org
Fixes #177: NULL pointer dereference in FindServiceControlURLPath · pupnp/pupnp@c805c1d · GitHub	MISC	github.com	Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

501612 Alpine Linux Security Update for libupnp
690447 Free Berkeley Software Distribution (FreeBSD) Security Update for upnp (a23871f6-059b-11eb-8758-e0d55e2a8bf9)