DSA-2614-1 libupnp -- several issuesID: oval:org.secpod.oval:def:600958 | Date: (C)2013-02-06 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple stack-based buffer overflows were discovered in libupnp, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries where not correctly handled by the unique_service_name function. An attacker sending carefully crafted SSDP queries to a daemon built on libupnp could generate a buffer overflow, overwriting the stack, leading to the daemon crash and possible remote code execution.
Product: |
libupnp-dev |
libupnp3 |
libupnp3-dbg |
libupnp3-dev |