Upstream information
Description
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 10 |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
SUSE Security Advisories:
- openSUSE-SU-2013:0255-1, published Thu, 7 Feb 2013 09:04:22 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Leap 15.2 |
| Patchnames: openSUSE Leap 15.2 GA libupnp6-1.6.25-lp152.4.1 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA libupnp-devel-1.6.19-1.8 |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 19:41:53 2013CVE page last modified: Fri Oct 7 12:46:21 2022
Run SAP
SUSE for Public Cloud
Security
