CVE-2012-5958

Published: 31/01/2013 | Updated: 28/11/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) prior to 1.6.18 allows remote malicious users to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.

Vulnerable Product

libupnp project libupnp 1.6.12

libupnp project libupnp 1.6.11

libupnp project libupnp 1.6.4

libupnp project libupnp 1.6.3

libupnp project libupnp 1.4.3

libupnp project libupnp 1.4.2

libupnp project libupnp 1.6.16

libupnp project libupnp 1.6.15

libupnp project libupnp 1.6.8

libupnp project libupnp 1.6.7

libupnp project libupnp 1.6.0

libupnp project libupnp 1.4.7

libupnp project libupnp 1.6.14

libupnp project libupnp 1.6.13

libupnp project libupnp 1.6.6

libupnp project libupnp 1.6.5

libupnp project libupnp 1.4.6

libupnp project libupnp 1.4.5

libupnp project libupnp 1.4.4

libupnp project libupnp

libupnp project libupnp 1.6.10

libupnp project libupnp 1.6.9

libupnp project libupnp 1.6.2

libupnp project libupnp 1.6.1

libupnp project libupnp 1.4.1

libupnp project libupnp 1.4.0

Vendor Advisories

Debian Bug report logs - #699316 libupnp: Multiple stack buffer overflow vulnerabilities. Package: libupnp; Maintainer for libupnp is Nick Leverton <nick@leverton.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 30 Jan 2013 07:15:01 UTC; Severity: grave; Tags: patch, security; Merged with 699342 Fo ...
Multiple stack-based buffer overflows were discovered in libupnp4, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries were not correctly handled by the unique_service_name() function. An attacker sending carefully crafted SSDP queries to a daemon built on libupnp4 could generate a bu ...
Multiple stack-based buffer overflows were discovered in libupnp, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries were not correctly handled by the unique_service_name() function. An attacker sending carefully crafted SSDP queries to a daemon built on libupnp could generate a buff ...
The Portable Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) Devices contains a libupnp library, originally known as the Intel SDK for UPnP Devices, which is vulnerable to multiple stack-based buffer overflows when handling malicious Simple Service Discovery Protocol (SSDP) requests. This library is used in several vendor network devi ...

Exploits

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking def initialize(info = { ...
libupnp version 1.6.18 stack-based buffer overflow denial of service exploit ...

Github Repositories

vulnupnp: Discover uPNP devices vulnerable to CVE-2013-0229 / CVE-2013-0230 / CVE-2012-5958 / CVE-2012-5959

References

CWE-119

https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf

http://pupnp.sourceforge.net/ChangeLog

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp

https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

http://www.kb.cert.org/vuls/id/922681

http://www.debian.org/security/2013/dsa-2614

http://www.debian.org/security/2013/dsa-2615

http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html

http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf

http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf

http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf

http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf

http://www.mandriva.com/security/advisories?name=MDVSA-2013:098

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037

https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

http://www.securityfocus.com/bid/57602

https://www.tenable.com/security/research/tra-2017-10

http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699316

https://nvd.nist.gov

https://github.com/lochiiconnectivity/vulnupnp

https://www.exploit-db.com/exploits/24455/

https://www.kb.cert.org/vuls/id/922681