CVE-2012-5961
published 2013-01-31


Priority: P273 critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 36.93% (98.3rd percentile)
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.

Affected

1 range
Vendor | Product | Version range | Fixed in
libupnp_project | libupnp | |

Detection & IOCs (extracted from sources)

  • Exploit vector is a UDP packet targeting the SSDP parser; monitor for unusually long UDN (device) fields in SSDP UDP traffic
  • Vulnerable function is unique_service_name() in ssdp/ssdp_server.c within libupnp (portable SDK for UPnP Devices); target detection at this code path
  • Attack is delivered via specially-crafted SSDP requests over the network; inspect SSDP traffic for malformed or oversized payloads
  • Cisco tracked exposure under Bug IDs CSCue19318, CSCue20997, CSCue21009; use these identifiers when hunting for affected Cisco network devices
  • Only libupnp (portable SDK for UPnP Devices) version 1.3.1 is confirmed vulnerable; GUPnP is an independent implementation and is NOT affected
  • libupnp is embedded in multiple vendor network devices as well as media streaming and file sharing applications, broadening the attack surface beyond a single product
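
One way to implement the "unusually long UDN" check from the list above, as an added example that is not code from this page or from libupnp. It assumes the UDN appears as a `uuid:` token in the standard SSDP ST, NT or USN headers; the thresholds, function names and sample datagrams are constructed for illustration and should be tuned to the monitored network.

```python
# Added example: flag SSDP datagrams that carry an oversized UDN ("uuid:...").
# Thresholds are assumptions; a canonical "uuid:" + 36-char UUID is 41 bytes.
MAX_UDN_LEN = 64                     # assumed ceiling for a single UDN token
MAX_DATAGRAM_LEN = 1024              # assumed ceiling for a whole SSDP message
UDN_HEADERS = ("st", "nt", "usn")    # SSDP headers that can carry a UDN

def parse_ssdp(payload: bytes):
    """Return a dict of lower-cased headers, or None if not SSDP-shaped."""
    lines = payload.decode("latin-1").split("\r\n")
    if not lines[0].startswith(("M-SEARCH ", "NOTIFY ", "HTTP/1.1 ")):
        return None
    headers = {}
    for line in lines[1:]:
        if not line:                 # blank line ends the header section
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def extract_udn(value: str):
    """Return the 'uuid:...' token, cut at '::' when a type suffix follows."""
    idx = value.lower().find("uuid:")
    return None if idx < 0 else value[idx:].split("::", 1)[0]

def inspect_datagram(payload: bytes):
    """Return a list of findings for one UDP payload seen on port 1900."""
    findings = []
    if len(payload) > MAX_DATAGRAM_LEN:
        findings.append(f"datagram length {len(payload)} > {MAX_DATAGRAM_LEN}")
    headers = parse_ssdp(payload)
    if headers is None:
        return findings
    for name in UDN_HEADERS:
        udn = extract_udn(headers.get(name, ""))
        if udn is not None and len(udn) > MAX_UDN_LEN:
            findings.append(f"{name.upper()} UDN length {len(udn)} > {MAX_UDN_LEN}")
    return findings

# Constructed sample datagrams (not captured traffic).
BENIGN = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
          b"NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
          b"USN: uuid:2fac1234-31f8-11b4-a222-08002b34c003::upnp:rootdevice\r\n\r\n")
OVERSIZED = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
             b"NTS: ssdp:alive\r\nUSN: uuid:" + b"x" * 300 + b"\r\n\r\n")
```

Feed `inspect_datagram` the UDP payloads from a capture or sensor tap; a non-empty result is a lead for triage, not proof of exploitation.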

CVSS provenance

nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat | 10.0 | CRITICAL