{"id":"CVE-2020-13848","details":"Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.","modified":"2026-04-16T04:40:20.428892804Z","published":"2020-06-04T20:15:12.050Z","related":["openSUSE-SU-2020:0805-1","openSUSE-SU-2020:0821-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html"},{"type":"ADVISORY","url":"https://github.com/pupnp/pupnp/issues/177"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html"},{"type":"FIX","url":"https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pupnp/pupnp","events":[{"introduced":"0"},{"last_affected":"2251e8c750023516bd9691b7ed510c8e16fc32de"},{"fixed":"c805c1de1141cb22f74c0d94dd5664bda37398e0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.12.1"}]}}],"versions":["last_svn_trunk","release-1.10.0","release-1.10.1","release-1.12.0","release-1.12.1","release-1.8.0","release-1.8.1","release-1.8.2","release-1.8.3","release-1.8.4"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"vanir_signatures_modified":"2026-04-11T21:19:49Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13848.json","vanir_signatures":[{"id":"CVE-2020-13848-311146f5","deprecated":false,"signature_type":"Function","target":{"function":"FindServiceControlURLPath","file":"upnp/src/genlib/service_table/service_table.c"},"source":"https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0","signature_version":"v1","digest":{"function_hash":"79463571561584144062505277369637722696","length":475}},{"id":"CVE-2020-13848-dcef5ef7","deprecated":false,"signature_type":"Line","target":{"file":"upnp/src/genlib/service_table/service_table.c"},"source":"https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0","signature_version":"v1","digest":{"line_hashes":["254190529166817382807138848221914790031","214114083820680281622544672170266650654","301047464421182607895720242849431359365","81402943769641128951445229135463046269","268095423369924427596958001589388859892","121601122071212668283904319526969823011","207533361033881441935682368798047477810","143810042312871380632822820588424683675","243103399775605709484282410288451755090","13462379172236721427370051320848755901","48730471418428396989306607678967666370","40318774815897256245049286170377712276"],"threshold":0.9}},{"id":"CVE-2020-13848-dd9633ea","deprecated":false,"signature_type":"Function","target":{"function":"FindServiceEventURLPath","file":"upnp/src/genlib/service_table/service_table.c"},"source":"https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0","digest":{"function_hash":"278608183070523950197306677034382698640","length":469},"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}