CVE-2012-5965

CVSS 10.0 - HIGH
Description

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.

Affected Products
1
Vendor Product Version
portable_sdk_for_upnp_project portable_sdk_for_upnp 1.3.1
References
http://pupnp.sourceforge.net/ChangeLog
http://tools.cisco.com/security/center/content/Cis...
http://www.debian.org/security/2013/dsa-2614
http://www.debian.org/security/2013/dsa-2615
http://www.kb.cert.org/vuls/id/922681
http://www.mandriva.com/security/advisories?name=M...
http://www.securityfocus.com/bid/57602
https://community.rapid7.com/community/infosec/blo...
https://community.rapid7.com/servlet/JiveServlet/d...
https://community.rapid7.com/servlet/servlet.FileD...
https://wiki.mageia.org/en/Support/Advisories/MGAS...
http://pupnp.sourceforge.net/ChangeLog
http://tools.cisco.com/security/center/content/Cis...
http://www.debian.org/security/2013/dsa-2614
http://www.debian.org/security/2013/dsa-2615
http://www.kb.cert.org/vuls/id/922681
http://www.mandriva.com/security/advisories?name=M...
http://www.securityfocus.com/bid/57602
https://community.rapid7.com/community/infosec/blo...
https://community.rapid7.com/servlet/JiveServlet/d...
Weakness Types
CWE-119
CVE Information
CVE ID:
CVE-2012-5965
Published:
2013-01-31
Modified:
2026-04-29
CVSS Score:
10.0
Severity:
HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Vendors
portable_sdk_for_upnp_project
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL