CVE-2012-5958

Published: Jan 31, 2013Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.

Affected (26)

Products: Libupnp Project: Libupnp

Libupnp Project

1 product

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Libupnp Project Libupnp	Up to 1.6.17
Libupnp Project Libupnp	Version 1.4.0
Libupnp Project Libupnp	Version 1.4.1
Libupnp Project Libupnp	Version 1.4.2
Libupnp Project Libupnp	Version 1.4.3
Libupnp Project Libupnp	Version 1.4.4
Libupnp Project Libupnp	Version 1.4.5
Libupnp Project Libupnp	Version 1.4.6
Libupnp Project Libupnp	Version 1.4.7
Libupnp Project Libupnp	Version 1.6.0
Libupnp Project Libupnp	Version 1.6.10
Libupnp Project Libupnp	Version 1.6.11
Libupnp Project Libupnp	Version 1.6.12
Libupnp Project Libupnp	Version 1.6.13
Libupnp Project Libupnp	Version 1.6.14
Libupnp Project Libupnp	Version 1.6.15
Libupnp Project Libupnp	Version 1.6.16
Libupnp Project Libupnp	Version 1.6.1
Libupnp Project Libupnp	Version 1.6.2
Libupnp Project Libupnp	Version 1.6.3
Libupnp Project Libupnp	Version 1.6.4
Libupnp Project Libupnp	Version 1.6.5
Libupnp Project Libupnp	Version 1.6.6
Libupnp Project Libupnp	Version 1.6.7
Libupnp Project Libupnp	Version 1.6.8
Libupnp Project Libupnp	Version 1.6.9

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (36)

http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html

Source: cret@cert.org

http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html

Source: cret@cert.org

http://pupnp.sourceforge.net/ChangeLog

Source: cret@cert.org

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp

Source: cret@cert.org

http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf

Source: cret@cert.org

http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf

Source: cret@cert.org

http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf

Source: cret@cert.org

http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf

Source: cret@cert.org

http://www.debian.org/security/2013/dsa-2614

Source: cret@cert.org

http://www.debian.org/security/2013/dsa-2615

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/922681

Source: cret@cert.org

PatchUS Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2013:098

Source: cret@cert.org

http://www.securityfocus.com/bid/57602

Source: cret@cert.org

Exploit

https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

Source: cret@cert.org

https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf

Source: cret@cert.org

https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

Source: cret@cert.org

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037

Source: cret@cert.org

https://www.tenable.com/security/research/tra-2017-10

Source: cret@cert.org

http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://pupnp.sourceforge.net/ChangeLog

Source: af854a3a-2127-422b-91ae-364da2661108

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp

Source: af854a3a-2127-422b-91ae-364da2661108

http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2013/dsa-2614

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2013/dsa-2615

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/922681

Source: af854a3a-2127-422b-91ae-364da2661108

PatchUS Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2013:098

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/57602

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

Source: af854a3a-2127-422b-91ae-364da2661108

https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

Source: af854a3a-2127-422b-91ae-364da2661108

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.tenable.com/security/research/tra-2017-10

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.