Home > Vulnerability Database > CVE-2012-5960

Mend.io Vulnerability Database

CVE-2012-5960

Good to know:

Date: January 31, 2013

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.

Language: C

Severity Score

5.6

Related Resources (16)

Url: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037

Url: http://www.debian.org/security/2013/dsa-2614

Url: http://www.debian.org/security/2013/dsa-2615

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:098

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5960

Url: https://www.tenable.com/security/research/tra-2017-10

Url: https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf

Url: https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-5960

Url: http://www.securityfocus.com/bid/57602

Url: http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html

Url: http://pupnp.sourceforge.net/ChangeLog

Url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp

Url: https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

Url: http://www.kb.cert.org/vuls/id/922681

Url: https://www.mend.io/vulnerability-database/CVE-2012-5960

Severity Score

5.6

Weakness Type (CWE)

Buffer Errors

CWE-119

Top Fix

Upgrade Version

Upgrade to version release-1.8.0

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-5960

Good to know:

Date: January 31, 2013

Language: C

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?