Stack Overflow Vulnerability in pupnp prior to Version 1.14.5
CVE-2021-28302

7.5HIGH

Key Information:

Vendor: Pupnp Project
Status: Pupnp
Vendor: CVE Published:; 12 March 2021

🔔 Create Pupnp Project Vulnerability Alert

What is CVE-2021-28302?

The vulnerability in pupnp affects versions prior to 1.14.5, resulting from a stack overflow in the Parser_parseDocument() function. This issue arises when ixmlNode_free() recursively releases a child node, leading to excessive stack space consumption and potential crashes. Organizations using pupnp must upgrade to version 1.14.5 or later to mitigate this risk effectively.

References

https://github.com/pupnp/pupnp/issues/249

x_refsource_MISC

https://github.com/pupnp/pupnp/releases/tag/release-1.14.5

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2021
Vulnerability Reserved
Mar 12, 2021

CVE-2021-28302 Data

JSON