Red Hat Security Advisory 2021-1789-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. GSSDP implements resource discovery and announcement over SSDP and is part of GUPnP.
0d15fc8159a2228c24e415032ab41c2ff7b6bc9c04ea5236cf30c530d6494763
Debian Linux Security Advisory 4898-1 - Several vulnerabilities have been discovered in wpa_supplicant and hostapd.
beda0161fb6dbecc5fa406f217cd58f29ad375739b5e967ada8225791a6d7572
Ubuntu Security Notice 4734-2 - USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant did not properly handle P2P group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. Various other issues were also addressed.
49410830b0c8b8841b939879c09f65434aed797cf17da754ead53d148a5e865f
Ubuntu Security Notice 4734-1 - It was discovered that wpa_supplicant did not properly handle P2P group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. Various other issues were also addressed.
da5ea348150c757a77c57580c53d55f823503da3fdee08a9926dcaf7bc16522c
Ubuntu Security Notice 4722-1 - It was discovered that ReadyMedia allowed subscription requests with a delivery URL on a different network segment than the fully qualified event-subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. It was discovered that ReadyMedia allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service.
03d575da1c0b2b220f45e07d15a6203a0a90208c813d66c4c2d55abf176f9e73
Debian Linux Security Advisory 4806-1 - It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server, could result in the execution of arbitrary code. In addition, minidlna was susceptible to the "CallStranger" UPnP vulnerability.
b7b80b0f3734909dfe21dcae6fd31eabfe56df3eb643835d5ebe4c724d7a784f
Ubuntu Security Notice 4494-1 - It was discovered that GUPnP incorrectly handled certain subscription requests. A remote attacker could possibly use this issue to exfiltrate data or use GUPnP to perform DDoS attacks.
d3875434bb5b4c21a1998c33ca3377de59ad32d63e34614ddb94c1795d6e9839
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. This tool checks for the vulnerability.
74417ee5e3a7179a22e86e5d705efe713b327750125d3e74e051f826677f640c