CVE-2012-5960

Name of the Vulnerable Software and Affected Versions libupnp versions prior to 1.6.18

Description The issue concerns multiple vulnerabilities in the libupnp package, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A specific vulnerability is a stack-based buffer overflow in the unique service name function, allowing remote attackers to execute arbitrary code via a long UDN field in a UDP packet.

Recommendations For versions prior to 1.6.18, update to version 1.6.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSDP parser to minimize the risk of exploitation. Avoid using the unique service name function in the affected SSDP parser until the issue is resolved.