CVE-2016-8863 PoC — Portable UPnP SDK 缓冲区错误漏洞

Source

https://github.com/mephi42/CVE-2016-8863

Associated Vulnerability

Title:Portable UPnP SDK 缓冲区错误漏洞 (CVE-2016-8863)
Description:Portable UPnP SDK（又名libupnp）是一个便携式开源的提供了API和开源代码的UPnP开发工具包。 Portable UPnP SDK 1.6.21之前的版本中的gena/gena_device.c文件的‘create_url_list’函数存在基于堆的缓冲区溢出漏洞。远程攻击者可利用该漏洞造成拒绝服务（崩溃）或执行任意代码。

Description

CTFs are fun, but what about exploiting a real bug?

Readme

# Targets

pupnp [release-1.6.18](https://github.com/pupnp/pupnp/tree/release-1.6.18) ...

* ... running on [i386 Ubuntu 16.04](i386-xenial).

# Fix

commit [9c099c2923ab](https://github.com/pupnp/pupnp/commit/9c099c2923ab)
("Fix out-of-bound access in create_url_list() (CVE-2016-8863)").

File Snapshot


 [4.0K]  /data/pocs/a75891b0ca7d42a7f41f3af449d9525a25cd3ce6
├── [4.0K]  i386-xenial
│   ├── [  92]  build
│   ├── [4.4K]  exploit
│   ├── [4.0K]  image
│   │   └── [1.5K]  Dockerfile
│   └── [ 332]  run
├── [4.0K]  pupnp
└── [ 290]  README.md

3 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!