CVE-2020-13848

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Libupnp	Libupnp_project	*	1.12.1 (including)
Libupnp	Ubuntu	bionic	*
Libupnp	Ubuntu	trusty	*
Libupnp	Ubuntu	xenial	*
Pupnp-1.8	Ubuntu	bionic	*
Pupnp-1.8	Ubuntu	eoan	*
Pupnp-1.8	Ubuntu	focal	*
Pupnp-1.8	Ubuntu	groovy	*
Pupnp-1.8	Ubuntu	hirsute	*
Pupnp-1.8	Ubuntu	impish	*
Pupnp-1.8	Ubuntu	kinetic	*
Pupnp-1.8	Ubuntu	lunar	*
Pupnp-1.8	Ubuntu	trusty	*

Potential Mitigations

References

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html
https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
https://github.com/pupnp/pupnp/issues/177
https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html
https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
https://github.com/pupnp/pupnp/issues/177
https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-13848
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References