{"id":"CVE-2016-6255","details":"Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.","modified":"2026-04-16T06:16:23.942063326Z","published":"2017-03-07T16:59:00.743Z","related":["openSUSE-SU-2024:11006-1"],"references":[{"type":"WEB","url":"https://www.exploit-db.com/exploits/40589/"},{"type":"WEB","url":"https://www.tenable.com/security/research/tra-2017-10"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-52"},{"type":"ADVISORY","url":"https://twitter.com/mjg59/status/755062278513319936"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3736"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92050"},{"type":"ADVISORY","url":"https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"},{"type":"FIX","url":"https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/07/18/13"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/07/20/5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mjg59/pupnp-code","events":[{"introduced":"0"},{"fixed":"be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"}]},{"type":"GIT","repo":"https://github.com/pupnp/pupnp","events":[{"introduced":"0"},{"last_affected":"019095d79f8c7227f53ad11ac2013fb9b8d3dd94"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.6.20"}]}}],"versions":["last_svn_1.6.x","release-1.6.10","release-1.6.11","release-1.6.12","release-1.6.13","release-1.6.14","release-1.6.15","release-1.6.16","release-1.6.17","release-1.6.18","release-1.6.19","release-1.6.20","release-1.6.7","release-1.6.8","release-1.6.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6255.json","vanir_signatures_modified":"2026-04-11T04:02:26Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"vanir_signatures":[{"source":"https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd","signature_version":"v1","digest":{"function_hash":"212251749395148867721629458307923964863","length":2541},"id":"CVE-2016-6255-7740797d","deprecated":false,"target":{"function":"http_RecvPostMessage","file":"upnp/src/genlib/net/http/webserver.c"},"signature_type":"Function"},{"signature_type":"Line","target":{"file":"upnp/src/genlib/net/http/webserver.c"},"digest":{"line_hashes":["84418285040388207588986487673792281868","66730018829465562609055539162208265760","28942761826591058533852300092857965294","228902641696458123845140305949883135080","137134906439484352414626189625222104624","116622230184875046664787740408048326301","249006178772565463612952829024447696485"],"threshold":0.9},"id":"CVE-2016-6255-a6ab9dd3","deprecated":false,"signature_version":"v1","source":"https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}