Vulnerability Details : CVE-2012-5965
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.
Vulnerability category: OverflowExecute code
Products affected by CVE-2012-5965
- cpe:2.3:a:portable_sdk_for_upnp_project:portable_sdk_for_upnp:1.3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5965
74.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5965
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2012-5965
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5965
-
http://www.debian.org/security/2013/dsa-2615
Debian -- Security Information -- DSA-2615-1 libupnp4
-
http://www.debian.org/security/2013/dsa-2614
Debian -- Security Information -- DSA-2614-1 libupnp
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
-
http://www.mandriva.com/security/advisories?name=MDVSA-2013:098
mandriva.com
-
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
Help @ Rapid7
-
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037
Support/Advisories/MGASA-2013-0037 - Mageia wiki
-
http://pupnp.sourceforge.net/ChangeLog
-
http://www.kb.cert.org/vuls/id/922681
VU#922681 - Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDPPatch;US Government Resource
-
http://www.securityfocus.com/bid/57602
libupnp Multiple Buffer Overflow VulnerabilitiesExploit
-
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
Help @ Rapid7
-
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
Security Flaws in Universal Plug and Play: Unplug, Don't Play
Jump to