CVE-2019-14323

Опубликовано: 28 июл. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in ssdpd.c.

Ссылки

https://github.com/troglobit/ssdp-responder/commit/ce04b1f29a137198182f60bbb628d5ceb8171765
Patch
Third Party Advisory
https://github.com/troglobit/ssdp-responder/issues/1
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/troglobit/ssdp-responder/commit/ce04b1f29a137198182f60bbb628d5ceb8171765
Patch
Third Party Advisory
https://github.com/troglobit/ssdp-responder/issues/1
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simple_service_discovery_protocol_responder_project:simple_service_discovery_protocol_responder:*:*:*:*:*:*:*:*

Версия от 1.0 (включая) до 1.5 (включая)

EPSS

Процентиль: 53%

0.00297

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-193

Связанные уязвимости

GHSA-v6w6-5g29-2cp9

github

больше 3 лет назад