Unrated severityNVD Advisory· Published Jun 4, 2020· Updated Aug 4, 2024
CVE-2020-13848
CVE-2020-13848
Description
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
Affected products
5- Portable UPnP SDK/Portable UPnP SDKdescription
- Range: <=1.12.1
- osv-coords2 versionspkg:rpm/opensuse/libupnp&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/libupnp&distro=SUSE%20Package%20Hub%2015%20SP1
< 1.6.25-lp151.3.3.1+ 1 more
- (no CPE)range: < 1.6.25-lp151.3.3.1
- (no CPE)range: < 1.6.25-bp151.4.3.1
Patches
Vulnerability mechanics
References
6- lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.htmlmitrevendor-advisoryx_refsource_SUSE
- github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0mitrex_refsource_MISC
- github.com/pupnp/pupnp/issues/177mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/06/msg00006.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2021/03/msg00007.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.