Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-8863

Опубликовано: 07 мар. 2017
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 7.5
CVSS3: 9.8

Описание

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

1:1.6.22-1
cosmic

not-affected

1:1.6.22-1
devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

not-affected

1:1.6.22-1
esm-apps/xenial

released

1:1.6.19+git20160116-1ubuntu0.1~esm1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [1:1.6.17-1.2+deb7u2build0.14.04.1]]
esm-infra/focal

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [1.8.0~svn20100507-1.2+deb7u1build0.14.04.1]]
esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 96%
0.24433
Средний

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2016-8863

CVSS3: 9.8
nvd
почти 9 лет назад

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.

debian логотип

CVE-2016-8863

CVSS3: 9.8
debian
почти 9 лет назад

Heap-based buffer overflow in the create_url_list function in gena/gen ...

github логотип

GHSA-4cjm-5fqc-2f6p

CVSS3: 9.8
github
больше 3 лет назад

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.

suse-cvrf логотип

openSUSE-SU-2017:1485-1

suse-cvrf
больше 8 лет назад

Security update for libupnp

EPSS

Процентиль: 96%
0.24433
Средний

7.5 High

CVSS2

9.8 Critical

CVSS3