[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
libupnp package vulnerable to CVE-2021-28302
From: |
Léo Le Bouter |
Subject: |
libupnp package vulnerable to CVE-2021-28302 |
Date: |
Sat, 13 Mar 2021 02:12:45 +0100 |
User-agent: |
Evolution 3.34.2 |
CVE-2021-28302 12.03.21 16:15
A stack overflow in pupnp 1.16.1 can cause the denial of service
through the Parser_parseDocument() function. ixmlNode_free() will
release a child node recursively, which will consume stack space and
lead to a crash.
Upstream did not provide a patch yet, see <
https://github.com/pupnp/pupnp/issues/249>.
I suggest we wait for the patch to be made and then update, to be
monitored.
signature.asc
Description: This is a digitally signed message part
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- libupnp package vulnerable to CVE-2021-28302,
Léo Le Bouter <=