{"id":"CVE-2020-13848","details":"Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.","modified":"2026-04-02T04:09:29.902308Z","published":"2020-06-04T20:15:12.050Z","related":["MGASA-2020-0270","openSUSE-SU-2020:0805-1","openSUSE-SU-2020:0821-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html"},{"type":"ADVISORY","url":"https://github.com/pupnp/pupnp/issues/177"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html"},{"type":"FIX","url":"https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pupnp/pupnp","events":[{"introduced":"0"},{"last_affected":"2251e8c750023516bd9691b7ed510c8e16fc32de"},{"fixed":"c805c1de1141cb22f74c0d94dd5664bda37398e0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.12.1"}]}}],"versions":["last_svn_1.6.x","last_svn_trunk","release-1.10.0","release-1.10.1","release-1.12.0","release-1.12.1","release-1.4.0","release-1.4.1","release-1.4.2","release-1.4.3","release-1.4.4","release-1.4.5","release-1.4.6","release-1.4.7","release-1.6.0","release-1.6.1","release-1.6.10","release-1.6.11","release-1.6.12","release-1.6.13","release-1.6.14","release-1.6.15","release-1.6.16","release-1.6.17","release-1.6.18","release-1.6.19","release-1.6.2","release-1.6.20","release-1.6.21","release-1.6.22","release-1.6.23","release-1.6.24","release-1.6.25","release-1.6.3","release-1.6.4","release-1.6.5","release-1.6.6","release-1.6.7","release-1.6.8","release-1.6.9","release-1.8.0","release-1.8.1","release-1.8.2","release-1.8.3","release-1.8.4","release-1.8.5","release-1.8.6","release-1.8.7"],"database_specific":{"vanir_signatures":[{"target":{"file":"upnp/src/genlib/service_table/service_table.c","function":"FindServiceControlURLPath"},"signature_version":"v1","source":"https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0","signature_type":"Function","deprecated":false,"id":"CVE-2020-13848-311146f5","digest":{"length":475,"function_hash":"79463571561584144062505277369637722696"}},{"target":{"file":"upnp/src/genlib/service_table/service_table.c"},"signature_version":"v1","source":"https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0","signature_type":"Line","deprecated":false,"id":"CVE-2020-13848-dcef5ef7","digest":{"threshold":0.9,"line_hashes":["254190529166817382807138848221914790031","214114083820680281622544672170266650654","301047464421182607895720242849431359365","81402943769641128951445229135463046269","268095423369924427596958001589388859892","121601122071212668283904319526969823011","207533361033881441935682368798047477810","143810042312871380632822820588424683675","243103399775605709484282410288451755090","13462379172236721427370051320848755901","48730471418428396989306607678967666370","40318774815897256245049286170377712276"]}},{"target":{"file":"upnp/src/genlib/service_table/service_table.c","function":"FindServiceEventURLPath"},"signature_version":"v1","source":"https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0","signature_type":"Function","deprecated":false,"id":"CVE-2020-13848-dd9633ea","digest":{"length":469,"function_hash":"278608183070523950197306677034382698640"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13848.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}