CVE-2012-5958 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-5958 Interim 1 11 2024-09-12T02:20:38Z current 2021-05-30T13:07:37Z 2024-09-12T02:20:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-5958 Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.2 openSUSE Tumbleweed libupnp-devel-1.6.19-1.8 libupnp6-1.6.19-1.8 libupnp6-1.6.25-lp152.4.1 libupnp6-32bit-1.6.19-1.8 libupnp6-1.6.25-lp152.4.1 as a component of openSUSE Leap 15.2 libupnp-devel-1.6.19-1.8 as a component of openSUSE Tumbleweed libupnp6-1.6.19-1.8 as a component of openSUSE Tumbleweed libupnp6-32bit-1.6.19-1.8 as a component of openSUSE Tumbleweed Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction. CVE-2012-5958 openSUSE Leap 15.2:libupnp6-1.6.25-lp152.4.1 openSUSE Tumbleweed:libupnp-devel-1.6.19-1.8 openSUSE Tumbleweed:libupnp6-1.6.19-1.8 openSUSE Tumbleweed:libupnp6-32bit-1.6.19-1.8 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C