CVE-2021-28302 - log back

CVE-2021-28302 edited at 06 Apr 2021 19:08:16
Description
- A stack overflow in libupnp 1.14.2 can cause denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.
+ A stack overflow in libupnp up to version 1.14.4 can cause denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. The issue is fixed in libupnp version 1.14.5 by implementing ixmlNode_free() in a non-recursive way.
CVE-2021-28302 edited at 06 Apr 2021 19:06:52
References
https://github.com/pupnp/pupnp/issues/249
+ https://github.com/pupnp/pupnp/pull/306
+ https://github.com/pupnp/pupnp/commit/af1f8bc1f8e9f7c60a328fce1228265df53241ba
+ https://github.com/pupnp/pupnp/commit/c279fd3bc914f8141907680b9532f54cb2a6aec6
CVE-2021-28302 edited at 12 Mar 2021 22:54:02
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A stack overflow in libupnp 1.14.2 can cause denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.
References
+ https://github.com/pupnp/pupnp/issues/249
Notes
CVE-2021-28302 created at 12 Mar 2021 22:51:48