CVE-2016-8863
published 2017-03-07
CVE-2016-8863: Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to…
Priority P3 · 53 · critical · 9.8 CVSS 3.0
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 8.49% (94.3th percentile)
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of a SUBSCRIBE request.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| libupnp_project | libupnp | <= 1.6.20 | — |
| libupnp_project | libupnp | >= 0 < 1:1.6.17-1.2+deb7u2build0.14.04.1 | 1:1.6.17-1.2+deb7u2build0.14.04.1 |
| libupnp_project | libupnp | >= 0 < 1:1.6.19+git20160116-1ubuntu0.1~esm1 | 1:1.6.19+git20160116-1ubuntu0.1~esm1 |
CVSS provenance
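| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |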
GHSA
GHSA-4cjm-5fqc-2f6p: Heap-based buffer overflow in the create_url_list function in gena/gena_device
ghsa_unreviewed·2022-05-17
CVE-2016-8863 [CRITICAL] CWE-119 GHSA-4cjm-5fqc-2f6p: Heap-based buffer overflow in the create_url_list function in gena/gena_device
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of a SUBSCRIBE request.
OSV
libupnp vulnerabilities
osv·2021-03-15·CVSS 7.5
CVE-2016-6255 [HIGH] libupnp vulnerabilities
Matthew Garrett discovered that libupnp mishandled POST requests by
default. An attacker could use this vulnerability to write files to
arbitrary locations in the victim's filesystem, possibly as root.
(CVE-2016-6255)
It was discovered that libupnp mishandled certain input. A remote attacker
could use this vulnerability to cause a denial of service (crash) or
possibly execute arbitrary code. (CVE-2016-8863)
OSV
CVE-2016-8863: Heap-based buffer overflow in the create_url_list function in gena/gena_device
osv·2017-03-07·CVSS 9.8
CVE-2016-8863 [CRITICAL] CVE-2016-8863: Heap-based buffer overflow in the create_url_list function in gena/gena_device
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of a SUBSCRIBE request.
Ubuntu
libupnp vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 7.5
CVE-2016-6255 [HIGH] libupnp vulnerabilities
Title: libupnp vulnerabilities
Summary: Several security issues were fixed in libupnp.
Matthew Garrett discovered that libupnp mishandled POST requests by
default. An attacker could use this vulnerability to write files to
arbitrary locations in the victim's filesystem, possibly as root.
(CVE-2016-6255)
It was discovered that libupnp mishandled certain input. A remote attacker
could use this vulnerability to cause a denial of service (crash) or
possibly execute arbitrary code. (CVE-2016-8863)
Instructions: In general, a standard system update will make all the necessary changes.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-8863 libupnp: Heap buffer overflow in the create_url_list function [fedora-all]
bugzilla·2016-10-26·CVSS 9.8
CVE-2016-8863 [CRITICAL] CVE-2016-8863 libupnp: Heap buffer overflow in the create_url_list function [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v
Bugzilla
CVE-2016-8863 libupnp: Heap buffer overflow in the create_url_list function [epel-7]
bugzilla·2016-10-26·CVSS 9.8
CVE-2016-8863 [CRITICAL] CVE-2016-8863 libupnp: Heap buffer overflow in the create_url_list function [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-
Bugzilla
CVE-2016-8863 libupnp: Heap buffer overflow in the create_url_list function
bugzilla·2016-10-26·CVSS 9.8
CVE-2016-8863 [CRITICAL] CVE-2016-8863 libupnp: Heap buffer overflow in the create_url_list function
A heap buffer overflow vulnerability was found in libupnp. This vulnerability might allow for a wide range of impacts, from denial of service to remote code execution.
Upstream bug:
https://sourceforge.net/p/pupnp/bugs/133/
CVE assignment:
http://seclists.org/oss-sec/2016/q4/200
Discussion:
Created libupnp tracking bugs for this issue:
Affects: fedora-all [bug 1388773]
Affects: epel-7 [bug 1388774]
---
libupnp 1.6.21 is out, which fixes this issue among others: http://pupnp.sourceforge.net/ChangeLog
---
Ping?
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for statu
Bugzilla
CVE-2015-8863 jq: heap-buffer-overflow in tokenadd() function
bugzilla·2016-04-20·CVSS 9.8
CVE-2015-8863 [CRITICAL] CVE-2015-8863 jq: heap-buffer-overflow in tokenadd() function
A vulnerability was found in jq. There was an off-by-one error, as the NUL terminator byte was not allocated on resize. A maliciously crafted JSON file could cause the application to crash.
External references:
https://github.com/stedolan/jq/issues/995
Upstream fix:
https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
References (reproducer available):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231
Discussion:
Created jq tracking bugs for this issue:
Affects: fedora-all [bug 1328748]
Affects: epel-6 [bug 1328749]
Affects: epel-7 [bug 1328750]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
Via RHSA-2016
References
http://www.securityfocus.com/bid/92849
https://security.gentoo.org/glsa/201701-52
https://sourceforge.net/p/pupnp/bugs/133/
https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog
https://www.debian.org/security/2016/dsa-3736
https://www.tenable.com/security/research/tra-2017-10