libupnp package vulnerable to CVE-2021-28302

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

libupnp package vulnerable to CVE-2021-28302

From:	Léo Le Bouter
Subject:	libupnp package vulnerable to CVE-2021-28302
Date:	Sat, 13 Mar 2021 02:12:45 +0100
User-agent:	Evolution 3.34.2

CVE-2021-28302  12.03.21 16:15
A stack overflow in pupnp 1.16.1 can cause the denial of service
through the Parser_parseDocument() function. ixmlNode_free() will
release a child node recursively, which will consume stack space and
lead to a crash.

Upstream did not provide a patch yet, see <
https://github.com/pupnp/pupnp/issues/249>.

I suggest we wait for the patch to be made and then update, to be
monitored.

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

libupnp package vulnerable to CVE-2021-28302, Léo Le Bouter <=

Prev by Date: regression: “guix pack” Docker images no longer work on AWS
Next by Date: gnutls package may be vulnerable to CVE-2021-20232
Previous by thread: regression: “guix pack” Docker images no longer work on AWS
Next by thread: gnutls package may be vulnerable to CVE-2021-20232
Index(es):
- Date
- Thread