VIR Vulnerability Intelligence Relay

CVE-2012-5959

critical
Published 2013-01-31 · Modified 2026-04-29
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cret@cert.org — http://www.kb.cert.org/vuls/id/922681

Application impact
VendorProductVersionsFixed
portable_sdk_for_upnp_projectportable_sdk_for_upnp{"endIncluding":"1.6.17"}
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.4.0
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.4.1
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.4.2
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.4.3
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.4.4
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.4.5
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.4.6
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.4.7
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.0
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.1
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.2
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.3
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.4
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.5
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.6
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.7
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.8
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.9
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.10
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.11
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.12
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.13
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.14
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.15
portable_sdk_for_upnp_projectportable_sdk_for_upnp1.6.16

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.