Vulnerability Description
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libupnp Project | Libupnp | <= 1.6.20 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/92849
- https://security.gentoo.org/glsa/201701-52
- https://sourceforge.net/p/pupnp/bugs/133/Issue TrackingThird Party Advisory
- https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLogRelease NotesThird Party Advisory
- https://www.debian.org/security/2016/dsa-3736Third Party Advisory
- https://www.tenable.com/security/research/tra-2017-10
- http://www.securityfocus.com/bid/92849
- https://security.gentoo.org/glsa/201701-52
- https://sourceforge.net/p/pupnp/bugs/133/Issue TrackingThird Party Advisory
- https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLogRelease NotesThird Party Advisory
- https://www.debian.org/security/2016/dsa-3736Third Party Advisory
- https://www.tenable.com/security/research/tra-2017-10
FAQ
What is CVE-2016-8863?
CVE-2016-8863 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possib...
How severe is CVE-2016-8863?
CVE-2016-8863 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-8863?
Check the references section above for vendor advisories and patch information. Affected products include: Libupnp Project Libupnp, Debian Debian Linux.