PT-2013-6325 · Debian · Libupnp
HD Moore · Published 1970-01-01 · Updated 2015-09-01
·
CVE-2012-5962
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
libupnp versions 1.3.1
Description
The issue affects the libupnp package in Debian GNU/Linux, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Exploitation can occur remotely. A stack-based buffer overflow in the unique_service_name function allows remote attackers to execute arbitrary code via a long DeviceType field in a UDP packet.
Recommendations
For libupnp version 1.3.1, consider disabling the unique_service_name function as a temporary workaround until a patch is available. Restrict access to the SSDP parser in the portable SDK for UPnP Devices to minimize the risk of exploitation. Avoid using long DeviceType fields in UDP packets until the issue is resolved.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related identifiers
Affected products
Libupnp