CVE-2020-13848

Name
CVE-2020-13848
Description
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
Third Party Advisory https://github.com/pupnp/pupnp/issues/177
Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html
MLIST https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libupnp_project:libupnp:*:*:*:*:*:*:*:* libupnp >= None <= 1.12.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status