CVE-2012-5958

libupnp 1.6.18 - Stack-based buffer overflow (DoS)

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.

Desbordamiento de búfer basado en la pila en la función unique_service_name en ssdp/ssdp_server.c en el validador SSDP del SDK para dispositivos UPnP (también conocido como libupnp, anteriormente el SDK Intel para dispositivos UPnP) v1.6.18 que permite a atacantes remotos ejecutar código arbitrario a través de un paquete UDP con una cadena modificada que no es manejada adecuadamente después de la resta de un determinado puntero.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-11-21 CVE Reserved
2013-01-31 CVE Published
2013-02-05 First Exploit
2024-08-06 CVE Updated
2024-10-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (21)

URL	Tag	Source
http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html	X_refsource_misc
http://pupnp.sourceforge.net/ChangeLog	X_refsource_confirm
http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf	X_refsource_confirm
http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf	X_refsource_confirm
http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf	X_refsource_confirm
http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf	X_refsource_confirm
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play	X_refsource_misc
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf	X_refsource_misc
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb	X_refsource_misc
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037	X_refsource_confirm
https://www.tenable.com/security/research/tra-2017-10	X_refsource_misc
-

URL	Date	SRC
https://www.exploit-db.com/exploits/49119	2020-11-27
https://www.exploit-db.com/exploits/24455	2013-02-05
http://www.securityfocus.com/bid/57602	2024-08-06

URL	Date	SRC
http://www.kb.cert.org/vuls/id/922681	2020-11-28

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html	2020-11-28
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp	2020-11-28
http://www.debian.org/security/2013/dsa-2614	2020-11-28
http://www.debian.org/security/2013/dsa-2615	2020-11-28
http://www.mandriva.com/security/advisories?name=MDVSA-2013:098	2020-11-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				<= 1.6.17 Search vendor "Libupnp Project" for product "Libupnp" and version " <= 1.6.17"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.4.0 Search vendor "Libupnp Project" for product "Libupnp" and version "1.4.0"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.4.1 Search vendor "Libupnp Project" for product "Libupnp" and version "1.4.1"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.4.2 Search vendor "Libupnp Project" for product "Libupnp" and version "1.4.2"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.4.3 Search vendor "Libupnp Project" for product "Libupnp" and version "1.4.3"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.4.4 Search vendor "Libupnp Project" for product "Libupnp" and version "1.4.4"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.4.5 Search vendor "Libupnp Project" for product "Libupnp" and version "1.4.5"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.4.6 Search vendor "Libupnp Project" for product "Libupnp" and version "1.4.6"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.4.7 Search vendor "Libupnp Project" for product "Libupnp" and version "1.4.7"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.0 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.0"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.1 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.1"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.2 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.2"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.3 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.3"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.4 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.4"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.5 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.5"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.6 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.6"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.7 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.7"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.8 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.8"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.9 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.9"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.10 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.10"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.11 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.11"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.12 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.12"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.13 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.13"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.14 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.14"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.15 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.15"		-		Affected
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.6.16 Search vendor "Libupnp Project" for product "Libupnp" and version "1.6.16"		-		Affected