|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for libupnp (DLA-2238-1)|
|Summary:||The remote host is missing an update for the 'libupnp'; package(s) announced via the DLA-2238-1 advisory.|
The remote host is missing an update for the 'libupnp'
package(s) announced via the DLA-2238-1 advisory.
libupnp, the portable SDK for UPnP Devices allows remote attackers to
cause a denial of service (crash) via a crafted SSDP message due to a
NULL pointer dereference in the functions FindServiceControlURLPath
and FindServiceEventURLPath in genlib/service_table/service_table.c.
This crash can be triggered by sending a malformed SUBSCRIBE or
UNSUBSCRIBE using any of the attached files.
'libupnp' package(s) on Debian Linux.
For Debian 8 'Jessie', this problem has been fixed in version
We recommend that you upgrade your libupnp packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-13848|
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.