FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

upnp -- denial of service (crash)

Affected packages
upnp < 1.12.1_1,1

Details

VuXML ID a23871f6-059b-11eb-8758-e0d55e2a8bf9
Discovery 2020-06-04
Entry 2020-10-03

CVE mitre reports:

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

References

CVE Name CVE-2020-13848
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13848
URL https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
URL https://github.com/pupnp/pupnp/issues/177
URL https://nvd.nist.gov/vuln/detail/CVE-2020-13848