CVE-2016-8863

Priority
Description
Heap-based buffer overflow in the create_url_list function in
gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows
remote attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a valid URI followed by an invalid one in the CALLBACK
header of a SUBSCRIBE request.
Ubuntu-Description
It was discovered that libupnp mishandled certain input. A remote attacker
could use this vulnerability to cause a denial of service (crash) or possibly
execute arbitrary code.
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [1:1.6.17-1.2+deb7u2build0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1:1.6.22-1)
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [1.8.0~svn20100507-1.2+deb7u1build0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
More Information

Updated: 2020-04-24 03:34:05 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)