Source: pupnp-1.8 Version: 1:1.8.4-2 Severity: important Tags: security upstream Forwarded: https://github.com/pupnp/pupnp/issues/177
Hi, The following vulnerability was published for pupnp-1.8. CVE-2020-13848[0]: | Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote | attackers to cause a denial of service (crash) via a crafted SSDP | message due to a NULL pointer dereference in the functions | FindServiceControlURLPath and FindServiceEventURLPath in | genlib/service_table/service_table.c. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-13848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13848 [1] https://github.com/pupnp/pupnp/issues/177 [2] https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0 Regards, Salvatore
