-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libupnp Version : 1.6.19+git20141001-1+deb8u2 CVE ID : CVE-2020-13848 Debian Bug : 962282
libupnp, the portable SDK for UPnP Devices allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. This crash can be triggered by sending a malformed SUBSCRIBE or UNSUBSCRIBE using any of the attached files. For Debian 8 "Jessie", this problem has been fixed in version 1.6.19+git20141001-1+deb8u2. We recommend that you upgrade your libupnp packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl7d78UACgkQhj1N8u2c KO9Uqg//ep4riyzeth3AoPZTqe1kVbCP6crL3YeWxNH5rSRcqI9Z2S2VZMwObsM3 NYeYTn5gR4R+h4PFY6UjcZnkNbIby43eG2C5AWvAhncdajG2B6y+h6QLeoMHVkq2 JkIalLNRRGHiu4nSxPv9ISkaEbxAQ+Cl+JFj/koBx/wpbl8ubwil5A1HfRLteC9K IuE6B5J+iYMQaQYlsXgnF+2jJ35UHy/OykDv047N4HXo/NaEgOTq/dr+EdKXTuHc FTuvvRcOWYhv91YahWrHEl/lYsFBXyMCoEtxZVE5BMQvMe5x8AuLCdBughsKa1f5 bxywXvUBQiG+1tBuavsFFnhsz4PjdxKa3WjtzK+Tm+dB4pjbI+aVxrHynUcKQz8W NA4Cu9QP06Cyn27JwMuIfjuzISzIZRYVHcYP0gBjt0oyfwQh6dqUOVpY5H2/0bbB iXD+f4JLN0a5bES5erPG1FqiqdrCTcOgCPtiSy+siCo66inp8SukOG3cnhWchuF5 JgaTQ4nRytn/XljZbhVrELEwB2QIzIbgCXVCWrix/AUJ1UKTj1rxX5HTzqzlld3Y EwyrqDHpz5vOxQmediIq3xe+wBcRbaxFsCwRGIQJQS23ogzxF+Z4qSg+1KdPRzLe dPLJRTfpbuJzHQIv1RdgF9GvlkXPOqqQ+C1/RFuAu+Rp7ECXzVE= =HQLu -----END PGP SIGNATURE-----
