Launchpad.net

CVE 2012-5965

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.

Related bugs and status

CVE-2012-5965 (Candidate) is related to these bugs:

Bug #1110273: [Security] Vulnerability on UPnP, need an update to libupnp 1.6.18

		In	Importance	Status
1110273	[Security] Vulnerability on UPnP, need an update to libupnp 1.6.18	libupnp (Ubuntu)	Undecided	Fix Released
1110273	[Security] Vulnerability on UPnP, need an update to libupnp 1.6.18	libupnp (openSUSE)	Medium	Fix Released
1110273	[Security] Vulnerability on UPnP, need an update to libupnp 1.6.18	libupnp (Debian)	Unknown	Fix Released
1110273	[Security] Vulnerability on UPnP, need an update to libupnp 1.6.18	libupnp (Gentoo Linux)	High	Fix Released
1110273	[Security] Vulnerability on UPnP, need an update to libupnp 1.6.18	libupnp (Fedora)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-5965

Related bugs and status

Related bugs

References