{"id": "CVE-2012-5958", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-31T21:55:01.037", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html", "source": "cret@cert.org"}, {"url": "http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html", "source": "cret@cert.org"}, {"url": "http://pupnp.sourceforge.net/ChangeLog", "source": "cret@cert.org"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp", "source": "cret@cert.org"}, {"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf", "source": "cret@cert.org"}, {"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf", "source": "cret@cert.org"}, {"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf", "source": "cret@cert.org"}, {"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf", "source": "cret@cert.org"}, {"url": "http://www.debian.org/security/2013/dsa-2614", "source": "cret@cert.org"}, {"url": "http://www.debian.org/security/2013/dsa-2615", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/922681", "tags": ["Patch", "US Government Resource"], "source": "cret@cert.org"}, {"url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:098", "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/57602", "tags": ["Exploit"], "source": "cret@cert.org"}, {"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", "source": "cret@cert.org"}, {"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", "source": "cret@cert.org"}, {"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", "source": "cret@cert.org"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037", "source": "cret@cert.org"}, {"url": "https://www.tenable.com/security/research/tra-2017-10", "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://pupnp.sourceforge.net/ChangeLog", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2013/dsa-2614", 
"source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2013/dsa-2615", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/922681", "tags": ["Patch", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/57602", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tenable.com/security/research/tra-2017-10", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en la pila en la funci\u00f3n unique_service_name en ssdp/ssdp_server.c en el validador SSDP del SDK para 
dispositivos UPnP (tambi\u00e9n conocido como libupnp, anteriormente el SDK Intel para dispositivos UPnP) en versiones anteriores a v1.6.18 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete UDP con una cadena modificada que no es manejada adecuadamente despu\u00e9s de la resta de un determinado puntero."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libupnp_project:libupnp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFE41E67-9E78-4C12-8E39-C9F78D4A0780", "versionEndIncluding": "1.6.17"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90DE5933-78E5-4D2E-8298-9FF6D3E8B13D"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1610A555-A92F-447C-A3A2-380EE0E2D92A"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EB0C576-10C0-4908-9196-B727DD5B57BF"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD8110DB-EBA7-405E-BA1A-3392855938B2"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CA3603A-B7A4-40D9-9A41-4CF190AED62C"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14DD33E0-C89D-43DD-BA50-210BA586106C"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ECD8AE2-44DF-4745-92EE-3544632334DE"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B9F1C0B-FE77-43C0-A7D8-194B1679B6A8"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFAB1B2E-E2B2-4FA8-8378-56DF6605D4CE"}, {"criteria": 
"cpe:2.3:a:libupnp_project:libupnp:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "587F364D-9FEA-4D51-AA8C-36B002A2D4C7"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E18E58C-D60B-48EB-BE2F-A780F1134FD7"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8821D34D-AFA8-4731-94B3-012D40A13659"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F3C9F1F-1DA4-45F8-801E-6864D7FC84F3"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F60BFD1D-33FE-4D1C-95BE-7544CECFEDF1"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58CC147F-E4F7-4DE8-95E0-AD85450C90E2"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "850AEC5A-F477-408C-8C57-703A3AD32FE2"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "421F7B7A-6B3A-433F-97DA-DB9272967529"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F57EECF-DBDB-4DD3-9628-04B160CACC33"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "132B0808-1754-415A-9C28-46C61849FBE1"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FA8C2E3-AB91-4207-9F3C-5547614AD435"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC02DA1B-6206-4A8F-83EB-CE71811B98D0"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B28AA873-F88C-4FF8-8EE0-034762CBF8D0"}, {"criteria": 
"cpe:2.3:a:libupnp_project:libupnp:1.6.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55070B65-0791-4607-B8B4-1EE0F9A16B18"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8F760CF-5E09-407B-988B-8EE56A2A7D2E"}, {"criteria": "cpe:2.3:a:libupnp_project:libupnp:1.6.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7246DBA-8B81-4DAA-BBD4-2DD6B368D250"}], "operator": "OR"}]}], "evaluatorImpact": "Per CERT's advisory additional products may be affected: http://www.kb.cert.org/vuls/id/922681\n\n\"Hundreds of vendors have used the libupnp library in their products, many of which are acting as the home routers for consumer networks. Any application linking to libupnp is likely to be affected\"", "sourceIdentifier": "cret@cert.org"}