FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
244c8288-cc4a-11e6-a475-bcaec524bf84upnp -- multiple vulnerabilities

Matthew Garett reports:

Reported this to upstream 8 months ago without response, so: libupnp's default behaviour allows anyone to write to your filesystem. Seriously. Find a device running a libupnp based server (Shodan says there's rather a lot), and POST a file to /testfile. Then GET /testfile ... and yeah if the server is running as root (it is) and is using / as the web root (probably not, but maybe) this gives full host fs access.

Scott Tenaglia reports:

There is a heap buffer overflow vulnerability in the create_url_list function in upnp/src/gena/gena_device.c.


Discovery 2016-02-23
Entry 2016-12-27
upnp
< 1.6.21

https://twitter.com/mjg59/status/755062278513319936
https://sourceforge.net/p/pupnp/bugs/133/
CVE-2016-6255
CVE-2016-8863
a23871f6-059b-11eb-8758-e0d55e2a8bf9upnp -- denial of service (crash)

CVE mitre reports:

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.


Discovery 2020-06-04
Entry 2020-10-03
upnp
< 1.12.1_1,1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13848
https://nvd.nist.gov/vuln/detail/CVE-2020-13848
https://github.com/pupnp/pupnp/issues/177
https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
CVE-2020-13848
79fa9f23-9725-11eb-b530-7085c2fb2c14upnp -- stack overflow vulnerability

Mitre reports:

A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.


Discovery 2021-03-12
Entry 2021-04-06
upnp
< 1.14.5,1

CVE-2021-28302
https://github.com/pupnp/pupnp/issues/249