CVE-2012-5960 in portable SDK for UPnPinfo

Summary

by MITRE

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 06/30/2025

The vulnerability identified as CVE-2012-5960 represents a critical stack-based buffer overflow within the portable SDK for UPnP Devices commonly known as libupnp or the Intel SDK for UPnP devices. This flaw exists specifically within the unique_service_name function located in the ssdp/ssdp_server.c file, which processes Simple Service Discovery Protocol packets. The vulnerability affects versions prior to 1.6.18 of the library, making it a long-standing issue that could potentially be exploited by remote attackers without requiring any authentication or privileges.

The technical implementation of this vulnerability stems from inadequate input validation within the SSDP parser component of libupnp. When processing UDP packets containing UPnP root device information, the unique_service_name function fails to properly bounds-check the UDN (Unique Device Name) field, which is typically formatted as upnp:rootdevice. The function allocates a fixed-size buffer on the stack and directly copies user-supplied data from the UDN field without verifying that the input length exceeds the allocated buffer capacity. This classic buffer overflow condition occurs because the function does not implement proper length validation or sanitization of the incoming UDN data, allowing attackers to overwrite adjacent stack memory locations.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as it provides remote attackers with the capability to execute arbitrary code on affected systems. The stack-based buffer overflow can be exploited through carefully crafted UDP packets sent to devices running vulnerable versions of libupnp, potentially enabling attackers to gain unauthorized access to networked devices, escalate privileges, or establish persistent backdoors. This vulnerability is particularly concerning in networked environments where UPnP services are enabled, as it can be exploited by attackers who are not physically present on the network, making it a significant threat to both consumer and enterprise network security.

Mitigation strategies for CVE-2012-5960 should prioritize immediate patching of affected systems to upgrade to libupnp version 1.6.18 or later, which contains the necessary fixes for the buffer overflow condition. Network administrators should implement firewall rules to restrict UDP traffic on port 1900, which is the standard port used by SSDP services, thereby reducing the attack surface. Additionally, security monitoring should be enhanced to detect unusual patterns of SSDP traffic that might indicate exploitation attempts. Organizations should also consider implementing network segmentation and access controls to limit the potential impact of successful exploitation. This vulnerability aligns with CWE-121 Stack-based Buffer Overflow, which is classified under the broader category of buffer overflow vulnerabilities, and represents a common attack vector that could be mapped to ATT&CK technique T1059.007 for execution through command and scripting interpreter, particularly when attackers leverage the overflow to execute malicious code on vulnerable systems.

Reservation

11/21/2012

Disclosure

01/31/2013

Moderation

accepted

Entry

VDB-63475

CPE

ready

Exploit

Download

EPSS

0.32627

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!