Launchpad CVE tracker

CVE 2012-5959

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.

Related bugs and status

CVE-2012-5959 (Candidate) is related to these bugs:

Bug #1110273: [Security] Vulnerability on UPnP, need an update to libupnp 1.6.18

		In	Importance	Status
1110273	[Security] Vulnerability on UPnP, need an update to libupnp 1.6.18	libupnp (Ubuntu)	Undecided	Fix Released
1110273	[Security] Vulnerability on UPnP, need an update to libupnp 1.6.18	libupnp (openSUSE)	Medium	Fix Released
1110273	[Security] Vulnerability on UPnP, need an update to libupnp 1.6.18	libupnp (Debian)	Unknown	Fix Released
1110273	[Security] Vulnerability on UPnP, need an update to libupnp 1.6.18	libupnp (Gentoo Linux)	High	Fix Released
1110273	[Security] Vulnerability on UPnP, need an update to libupnp 1.6.18	libupnp (Fedora)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-5959

References