CVE-2012-5965
published 2013-01-31

CVE-2012-5965: Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp…

Priority P273 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 36.93% (98.3th percentile)
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.

Affected

1 range
Vendor | Product | Version range | Fixed in
portable_sdk_for_upnp_project | portable_sdk_for_upnp | |

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered via a long DeviceType (urn device) field in a UDP packet targeting the SSDP parser; monitor for oversized SSDP UDP packets with abnormally long 'urn:' device type strings directed at UPnP services
  • The vulnerable function is unique_service_name() in ssdp/ssdp_server.c within libupnp (portable SDK for UPnP Devices); focus code-level and runtime detection on this function's stack buffer handling
  • Attack vector is SSDP over UDP; inspect UDP traffic on standard SSDP port (1900) for malformed or oversized SSDP requests containing unusually long DeviceType/urn fields
  • Only libupnp (portable SDK for UPnP Devices) version 1.3.1 is confirmed vulnerable; GUPnP is an independent UPnP implementation and is NOT affected
  • libupnp is embedded in multiple vendor network devices and media/file-sharing applications beyond the SDK itself; scope of exposure extends to any product shipping the affected library

CVSS provenance

nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat | 10.0 | CRITICAL