ALT-PU-2021-4751-1
Package libupnp updated to version 1.14.12-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2021-01679
Уязвимость функции Parser_parseDocument() набора средств для UPnP устройств PUPnP, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03726
Уязвимость функций FindServiceControlURLPath и FindServiceEventURLPath библиотеки для разработки программного обеспечения Portable UPnP SDK, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-13848
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
- openSUSE-SU-2020:0821
- openSUSE-SU-2020:0805
- https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
- https://github.com/pupnp/pupnp/issues/177
- [debian-lts-announce] 20200608 [SECURITY] [DLA 2238-1] libupnp security update
- [debian-lts-announce] 20210307 [SECURITY] [DLA 2585-1] libupnp security update
- openSUSE-SU-2020:0821
- [debian-lts-announce] 20210307 [SECURITY] [DLA 2585-1] libupnp security update
- [debian-lts-announce] 20200608 [SECURITY] [DLA 2238-1] libupnp security update
- https://github.com/pupnp/pupnp/issues/177
- https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
- openSUSE-SU-2020:0805
Modified: 2024-11-21
CVE-2021-28302
A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.