CVE-2021-28302

A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
pupnp_projectpupnp
𝑥
< 1.14.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pupnp
sid
1:1.14.19-2
fixed
trixie
1:1.14.19-2
fixed
bookworm
no-dsa
bullseye
no-dsa
buster
no-dsa
stretch
no-dsa
pupnp-1.8
bookworm
no-dsa
bullseye
no-dsa
buster
no-dsa
stretch
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libupnp
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
bionic
needed
xenial
needed
trusty
dne
mediatomb
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
bionic
dne
xenial
needed
trusty
dne
pupnp-1.8
noble
dne
mantic
dne
lunar
ignored
kinetic
ignored
jammy
needed
impish
ignored
hirsute
ignored
groovy
ignored
focal
needed
bionic
needed
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://github.com/pupnp/pupnp/issues/249
https://github.com/pupnp/pupnp/releases/tag/release-1.14.5
https://github.com/pupnp/pupnp/issues/249
https://github.com/pupnp/pupnp/releases/tag/release-1.14.5