{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2012-5958", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", "refsource" : "MISC", "url" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play" }, { "name" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", "refsource" : "MISC", "url" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf" }, { "name" : "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", "refsource" : "MISC", "url" : "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb" }, { "name" : "https://www.tenable.com/security/research/tra-2017-10", "refsource" : "MISC", "url" : "https://www.tenable.com/security/research/tra-2017-10" }, { "name" : "http://pupnp.sourceforge.net/ChangeLog", "refsource" : "CONFIRM", "url" : "http://pupnp.sourceforge.net/ChangeLog" }, { "name" : "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf", "refsource" : "CONFIRM", "url" : "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf" }, { "name" : "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf", "refsource" : "CONFIRM", "url" : "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf" }, { "name" : "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf", "refsource" : "CONFIRM", "url" : "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf" }, { "name" : "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf", "refsource" : "CONFIRM", "url" : "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf" }, { "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037", "refsource" : "CONFIRM", "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037" }, { "name" : "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities", "refsource" : "CISCO", "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp" }, { "name" : "DSA-2614", "refsource" : "DEBIAN", "url" : "http://www.debian.org/security/2013/dsa-2614" }, { "name" : "DSA-2615", "refsource" : "DEBIAN", "url" : "http://www.debian.org/security/2013/dsa-2615" }, { "name" : "MDVSA-2013:098", "refsource" : "MANDRIVA", "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098" }, { "name" : "openSUSE-SU-2013:0255", "refsource" : "SUSE", "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html" }, { "name" : "VU#922681", "refsource" : "CERT-VN", "url" : "http://www.kb.cert.org/vuls/id/922681" }, { "name" : "57602", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/57602" } ] } }