I'm forwarding this to [email protected] so that it won't be forgotten.

     Mark
-------------------- Start of forwarded message --------------------
Subject: libupnp package vulnerable to CVE-2021-28302
From: Léo Le Bouter <[email protected]>
To: [email protected]
Date: Sat, 13 Mar 2021 02:12:45 +0100

CVE-2021-28302 12.03.21 16:15
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.

Upstream did not provide a patch yet, see <https://github.com/pupnp/pupnp/issues/249>.

I suggest we wait for the patch to be made and then update, to be monitored.
-------------------- End of forwarded message --------------------
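
The failure mode the CVE text describes (a recursive node release using one stack frame per nesting level) next to a constant-stack alternative, as an added example that is not part of the forwarded message and is not pupnp's code or upstream's fix. The `node` struct and all function names are hypothetical simplifications, not the ixml API.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical simplified DOM node (assumption; not ixml's real layout). */
typedef struct node {
    struct node *first_child;
    struct node *next_sibling;
} node;

/* Recursive release: one stack frame per nesting level, so a deeply
 * nested document can exhaust the stack. Returns nodes freed. */
size_t free_recursive(node *n) {
    size_t freed = 0;
    while (n) {
        node *next = n->next_sibling;
        freed += free_recursive(n->first_child);
        free(n);
        freed++;
        n = next;
    }
    return freed;
}

/* Iterative release: splice each node's child list in front of its
 * remaining siblings, then free the node. Stack use does not grow. */
size_t free_iterative(node *n) {
    size_t freed = 0;
    while (n) {
        node *next = n->next_sibling;
        if (n->first_child) {
            node *tail = n->first_child;
            while (tail->next_sibling) tail = tail->next_sibling;
            tail->next_sibling = next;
            next = n->first_child;
        }
        free(n);
        freed++;
        n = next;
    }
    return freed;
}

/* Constructed input: a chain nested `depth` levels deep, one child each. */
node *make_chain(size_t depth) {
    node *child = NULL;
    for (size_t i = 0; i < depth; i++) {
        node *n = calloc(1, sizeof *n);
        if (!n) { free_iterative(child); return NULL; }
        n->first_child = child;
        child = n;
    }
    return child;
}

int main(void) {
    printf("freed %zu nodes\n", free_iterative(make_chain(1000000)));
    return 0;
}
```
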
