{"id":"CVE-2016-8863","details":"Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.","modified":"2026-04-16T06:16:14.705898901Z","published":"2017-03-07T16:59:01.493Z","related":["openSUSE-SU-2024:11006-1"],"references":[{"type":"WEB","url":"https://www.tenable.com/security/research/tra-2017-10"},{"type":"WEB","url":"http://www.securityfocus.com/bid/92849"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-52"},{"type":"ADVISORY","url":"https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"},{"type":"ADVISORY","url":"https://www.debian.org/security/2016/dsa-3736"},{"type":"REPORT","url":"https://sourceforge.net/p/pupnp/bugs/133/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pupnp/pupnp","events":[{"introduced":"0"},{"last_affected":"019095d79f8c7227f53ad11ac2013fb9b8d3dd94"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.6.20"}]}}],"versions":["last_svn_1.6.x","release-1.6.10","release-1.6.11","release-1.6.12","release-1.6.13","release-1.6.14","release-1.6.15","release-1.6.16","release-1.6.17","release-1.6.18","release-1.6.19","release-1.6.20","release-1.6.7","release-1.6.8","release-1.6.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8863.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}