Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2020-13848

Published: 04/06/2020 Updated: 08/03/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Libupnp Project

Vulnerability Summary

Portable UPnP SDK (aka libupnp) 1.12.1 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libupnp project libupnp

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: pupnp-1.8: CVE-2020-13848
Debian Bug report logs - #962282 pupnp-18: CVE-2020-13848 Package: src:pupnp-18; Maintainer for src:pupnp-18 is James Cowgill <jcowgill@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 5 Jun 2020 15:09:01 UTC Severity: important Tags: security, upstream Found in version pupnp-18/1:1 ...
Arch Linux Issues:
A NULL-pointer dereference has been found in libupnp <= 1121, in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_tablec, allowing a remote attacker to cause a denial of service (crash) via a crafted SSDP message ...

References

CWE-476https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0https://github.com/pupnp/pupnp/issues/177https://lists.debian.org/debian-lts-announce/2020/06/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.htmlhttps://lists.debian.org/debian-lts-announce/2021/03/msg00007.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962282https://nvd.nist.govhttps://security.archlinux.org/CVE-2020-13848
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook