Skip to main content

Libupnp

5 CVEs product

Monthly

CVE-2020-13848 HIGH PATCH This Week

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libupnp Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2016-8863 CRITICAL Act Now

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.4% and no vendor patch available.

Buffer Overflow RCE Denial Of Service Libupnp Debian Linux
NVD
CVSS 3.0
9.8
EPSS
24.4%
CVE-2016-6255 HIGH POC PATCH THREAT Act Now

Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.1%.

Authentication Bypass Debian Linux Libupnp
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
54.1%
Threat
4.6
CVE-2012-5961 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.3%.

Buffer Overflow Intel RCE Libupnp
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
72.3%
Threat
5.7
CVE-2012-5958 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.6%.

Buffer Overflow Intel RCE Libupnp
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
88.6%
Threat
6.2
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libupnp +1
NVD GitHub
EPSS 24% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.4% and no vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD
EPSS 54% 4.6 CVSS 7.5
HIGH POC PATCH THREAT Act Now

Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.1%.

Authentication Bypass Debian Linux Libupnp
NVD GitHub Exploit-DB
EPSS 72% 5.7 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.3%.

Buffer Overflow Intel RCE +1
NVD Exploit-DB
EPSS 89% 6.2 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.6%.

Buffer Overflow Intel RCE +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy