cbcvebase.
CVE-2012-5960
published 2013-01-31

CVE-2012-5960: Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp…

PriorityP272critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
32.63%
98.1th percentile
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
portable_sdk_for_upnp_projectportable_sdk_for_upnp<= 1.6.17
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp
portable_sdk_for_upnp_projectportable_sdk_for_upnp

Detection & IOCsextracted from sources · hover to see the quote

  • Detect exploitation attempts by monitoring for malformed SSDP UDP packets containing an abnormally long UDN (upnp:rootdevice) field targeting the unique_service_name function in ssdp/ssdp_server.c
  • Monitor for malicious SSDP requests over UDP; the vulnerable code path is in the SSDP parser (ssdp/ssdp_server.c) of libupnp (portable SDK for UPnP Devices) versions before 1.6.18
  • Inspect network traffic for oversized SSDP messages; the vulnerability is triggered via specially-crafted SSDP requests containing a long UDN field
  • ·Multiple Cisco products were identified as potentially exposed; Cisco tracked this under Bug IDs CSCue19318, CSCue20997, and CSCue21009. Verify whether network devices in scope use the affected libupnp library.
  • ·GUPnP is NOT affected — it is an independent implementation of the UPnP standard entirely different from libupnp. Do not conflate the two in detection or patching scope.
  • ·The vulnerability affects libupnp (formerly Intel SDK for UPnP Devices) before version 1.6.18, and is also present in media streaming and file sharing applications that bundle the library — not just network devices.

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.