CVE-2012-5963
published 2013-01-31

CVE-2012-5963: Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp…

Priority P271 | critical | 10 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 36.93% (98.3rd percentile)
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet.

Affected

1 range
Vendor | Product | Version range | Fixed in
portable_sdk_for_upnp_project | portable_sdk_for_upnp | |

Detection & IOCs (extracted from sources)

  • Exploit vector is a UDP packet targeting the SSDP parser; detect anomalously long UDN/uuid fields in SSDP UDP traffic (typically UDP port 1900) that lack a '::' (colon colon) separator, which triggers the stack-based buffer overflow in unique_service_name()
  • Vulnerable code is located in ssdp/ssdp_server.c within the unique_service_name() function of libupnp (portable SDK for UPnP Devices); focus runtime/static analysis and patching on this specific function
  • Affected library is libupnp version 1.3.1; inventory network devices and media/file-sharing applications using this library version as potential attack surface
  • Attack is delivered via malicious SSDP requests over the network; monitor/block unexpected or malformed SSDP traffic, especially from external/untrusted sources
  • GUPnP is NOT affected — it is an independent UPnP implementation entirely separate from libupnp and does not share the vulnerable code path
  • Red Hat Enterprise Linux does not ship libupnp, so RHEL-based systems are not exposed through the OS vendor; however, third-party applications bundling libupnp 1.3.1 on any platform remain vulnerable
  • Multiple Cisco products were under evaluation for exposure; track Cisco Bug IDs CSCue19318, CSCue20997, and CSCue21009 for affected Cisco device firmware
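
The first detection point above (a long uuid field with no '::' separator in SSDP traffic), sketched as an added example that is not part of the original entry or of libupnp. The headers inspected (ST, NT, USN), the 64-character cut-off, and the sample datagrams are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the page): which headers carry the UDN, and the length cut-off.
ID_HEADERS = ("st", "nt", "usn")
MAX_UDN_LEN = 64  # a canonical UUID string is 36 characters

def ssdp_headers(datagram: bytes):
    """Return (lower-cased name, value) pairs from an SSDP datagram's header lines."""
    lines = re.split(r"\r?\n", datagram.decode("latin-1"))
    pairs = []
    for line in lines[1:]:          # lines[0] is the request/status line
        if not line:
            break                   # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def suspicious_udns(datagram: bytes, max_len: int = MAX_UDN_LEN):
    """Flag uuid: values that have no '::' separator and exceed max_len."""
    findings = []
    for name, value in ssdp_headers(datagram):
        start = value.lower().find("uuid:")
        if name not in ID_HEADERS or start < 0:
            continue
        udn = value[start + len("uuid:"):]
        if "::" not in value and len(udn) > max_len:
            findings.append((name, len(udn)))
    return findings

def build_datagram(first_line: str, **hdrs) -> bytes:
    """Assemble a constructed SSDP message for the samples below."""
    body = "".join(f"{k}: {v}\r\n" for k, v in hdrs.items())
    return (first_line + "\r\n" + body + "\r\n").encode("latin-1")

# Constructed sample datagrams (not captured traffic).
SAMPLES = {
    "search_ok": build_datagram("M-SEARCH * HTTP/1.1", HOST="239.255.255.250:1900",
                                ST="uuid:2fac1234-31f8-11b4-a222-08002b34c003"),
    "notify_ok": build_datagram("NOTIFY * HTTP/1.1", HOST="239.255.255.250:1900",
                                USN="uuid:2fac1234-31f8-11b4-a222-08002b34c003::upnp:rootdevice"),
    "long_no_sep": build_datagram("M-SEARCH * HTTP/1.1", HOST="239.255.255.250:1900",
                                  ST="uuid:" + "A" * 300),
}

if __name__ == "__main__":
    for label, datagram in SAMPLES.items():
        print(label, suspicious_udns(datagram))
```

The function takes a raw UDP payload, so it can be fed from a packet capture or a sensor hook on port 1900; tune the cut-off to the longest legitimate identifier seen on the monitored network.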

CVSS provenance

nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat | 10.0 | CRITICAL