DSA-2615-1 libupnp4 -- severalID: oval:org.secpod.oval:def:600959 | Date: (C)2013-02-06 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple stack-based buffer overflows were discovered in libupnp4, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries where not correctly handled by the unique_service_name function. An attacker sending carefully crafted SSDP queries to a daemon built on libupnp4 could generate a buffer overflow, overwriting the stack, leading to the daemon crash and possible remote code execution.
Product: |
libupnp4-doc |
libupnp4 |
libupnp4-dbg |
libupnp4-dev |