CVE-2012-5964

Name of the Vulnerable Software and Affected Versions libupnp versions 1.3.1

Description The issue is related to multiple vulnerabilities in the libupnp package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A specific vulnerability is a stack-based buffer overflow in the unique service name function, allowing remote attackers to execute arbitrary code via a long ServiceType field in a UDP packet.

Recommendations For libupnp version 1.3.1, consider disabling the unique service name function as a temporary workaround until a patch is available. Restrict access to the SSDP parser to minimize the risk of exploitation. Avoid using the ServiceType field in UDP packets until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.