cbcvebase.
CVE-2012-5964
published 2013-01-31

CVE-2012-5964: Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp…

PriorityP273critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
36.93%
98.3th percentile
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType (aka urn service) field in a UDP packet.

Affected

1 ranges
VendorProductVersion rangeFixed in
portable_sdk_for_upnp_projectportable_sdk_for_upnp

Detection & IOCsextracted from sources · hover to see the quote

pathssdp/ssdp_server.c
portUDP/1900
  • Detect oversized ServiceType (urn service) field in SSDP UDP packets targeting the unique_service_name() parser function in libupnp 1.3.1
  • Monitor for malicious SSDP requests sent over UDP to devices running libupnp (formerly Intel SDK for UPnP Devices), particularly those with abnormally long urn service strings
  • Focus detection on the unique_service_name() function in ssdp/ssdp_server.c for stack-based buffer overflow conditions triggered by crafted SSDP input
  • ·Vulnerability is specific to libupnp (formerly Intel SDK for UPnP Devices) version 1.3.1; GUPnP is an independent UPnP implementation and is NOT affected
  • ·libupnp is embedded in multiple vendor network devices and media/file-sharing applications, broadening the attack surface beyond a single product

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.