CVE-2016-8863 in libupnp

Summary

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of a SUBSCRIBE request.

Reservation

10/20/2016

Disclosure

03/07/2017

CPE

ready

CVSS

8.5

EPSS

0.24433

Activities

Very Low
