Name | CVE-2012-5965 |
Description | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-2614-1, DSA-2615-1 |
Debian Bugs | 699316, 699459 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
libupnp (PTS) | jessie, jessie (lts) | 1:1.6.19+git20141001-1+deb8u2 | fixed |
stretch (security), stretch (lts), stretch | 1:1.6.19+git20160116-1.2+deb9u1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
libupnp | source | squeeze | 1:1.6.6-5+squeeze1 | DSA-2614-1 | ||
libupnp | source | (unstable) | 1:1.6.17-1.2 | 699316 | ||
libupnp4 | source | squeeze | 1.8.0~svn20100507-1+squeeze1 | DSA-2615-1 | ||
libupnp4 | source | (unstable) | 1.8.0~svn20100507-1.2 | 699459 |