CVE-2016-8863

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
libupnp_projectlibupnp
𝑥
≤ 1.6.20
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libupnp
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
eoan
dne
disco
dne
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
Fixed 1:1.6.19+git20160116-1ubuntu0.1~esm1
released
trusty
Fixed 1:1.6.17-1.2+deb7u2build0.14.04.1
released
precise
ignored
libupnp4
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
eoan
dne
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
Fixed 1.8.0~svn20100507-1.2+deb7u1build0.14.04.1
released
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/92849
https://security.gentoo.org/glsa/201701-52
https://sourceforge.net/p/pupnp/bugs/133/
https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog
https://www.debian.org/security/2016/dsa-3736
https://www.tenable.com/security/research/tra-2017-10
http://www.securityfocus.com/bid/92849
https://security.gentoo.org/glsa/201701-52
https://sourceforge.net/p/pupnp/bugs/133/
https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog
https://www.debian.org/security/2016/dsa-3736
https://www.tenable.com/security/research/tra-2017-10