CVE-2016-8863critical
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.
References
http://www.securityfocus.com/bid/92849
https://security.gentoo.org/glsa/201701-52
https://sourceforge.net/p/pupnp/bugs/133/
https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog
Details
Source: MITRE
Published: 2017-03-07
Updated: 2017-11-03
Type: CWE-119
Risk Information
CVSS v2
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
CVSS v3
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:libupnp_project:libupnp:*:*:*:*:*:*:*:* versions up to 1.6.20 (inclusive)
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 101590 | Fedora 26 : libupnp (2017-23535a31f8) | Nessus | Fedora Local Security Checks | critical |
| 100612 | openSUSE Security Update : libupnp (openSUSE-2017-650) | Nessus | SuSE Local Security Checks | critical |
| 97702 | Fedora 24 : libupnp (2017-3bd0b2e2c0) | Nessus | Fedora Local Security Checks | critical |
| 97674 | Fedora 25 : libupnp (2017-2c29702300) | Nessus | Fedora Local Security Checks | critical |
| 96687 | GLSA-201701-52 : libupnp: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 96163 | FreeBSD : upnp -- multiple vulnerabilities (244c8288-cc4a-11e6-a475-bcaec524bf84) | Nessus | FreeBSD Local Security Checks | critical |
| 96015 | Debian DSA-3736-1 : libupnp - security update | Nessus | Debian Local Security Checks | critical |
| 96009 | Debian DLA-748-1 : libupnp4 security update | Nessus | Debian Local Security Checks | critical |
| 96008 | Debian DLA-747-1 : libupnp security update | Nessus | Debian Local Security Checks | critical |