CVE-2021-28302

7.5 HIGH

📋 TL;DR

This CVE describes a stack overflow vulnerability in the pupnp library's XML parser that can be triggered by maliciously crafted documents. When exploited, it causes denial of service through recursive node cleanup that consumes all available stack space and crashes the application. Any system using vulnerable versions of pupnp (commonly found in UPnP implementations for media servers, IoT devices, and network services) is affected.

💻 Affected Systems

Products:
  • pupnp library
  • Any software using vulnerable pupnp versions
Versions: All versions before 1.14.5
Operating Systems: All platforms running pupnp
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using the vulnerable XML parsing functionality is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption through application crash, potentially affecting dependent services and requiring manual intervention to restore functionality.

🟠 Likely Case

Denial of service causing application crashes and service interruptions when processing malicious XML content.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring; crashes would be contained and quickly detected.

🌐 Internet-Facing: MEDIUM - Exploitation requires sending malicious XML to the vulnerable service, but many UPnP implementations are internet-facing.
🏢 Internal Only: LOW - Requires network access to the vulnerable service and specific XML payload delivery.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted XML to the vulnerable service but doesn't require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.14.5 and later

Vendor Advisory: https://github.com/pupnp/pupnp/releases/tag/release-1.14.5

Restart Required: Yes

Instructions:

1. Download pupnp version 1.14.5 or later from GitHub.
2. Replace existing installation with patched version.
3. Recompile any applications using the library.
4. Restart affected services.

🔧 Temporary Workarounds

Disable XML parsing if unused (platform: all)

If XML parsing functionality is not required, disable or restrict access to the vulnerable component.

Network segmentation (platform: linux)

Restrict network access to services using pupnp to trusted sources only.

iptables -A INPUT -p tcp --dport [UPNP_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [UPNP_PORT] -j DROP

🧯 If You Can't Patch

  • Implement strict network filtering to limit access to vulnerable services
  • Deploy monitoring and alerting for application crashes or abnormal termination

🔍 How to Verify

Check if Vulnerable:

Check pupnp version with 'pkg-config --modversion libupnp' or examine library files for version strings.

Check Version:

pkg-config --modversion libupnp || strings /usr/lib/libupnp.so* | grep -i version

Verify Fix Applied:

Confirm version is 1.14.5 or higher and test XML parsing functionality remains operational.
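
The version check above only yields a string; deciding whether it falls before 1.14.5 needs a numeric, field-by-field comparison (a plain string compare would rank 1.14.10 below 1.14.5). The script below is an added example, not code from the pupnp project; the function names libupnp_status, installed_libupnp_version and check_installed are illustrative.

```shell
#!/bin/sh
# Added example: classify a libupnp version against the fixed release named
# on this page. Function names are illustrative, not part of pupnp.

FIXED_VERSION="1.14.5"

# libupnp_status VERSION
# Prints "vulnerable" (before FIXED_VERSION), "patched", or "unknown"
# (empty or unparseable input). Fields are compared as numbers.
libupnp_status() {
    printf '%s\n' "$1" | awk -F. -v fixed="$FIXED_VERSION" '
    {
        if (NF < 2 || $1 !~ /^[0-9]+$/) { print "unknown"; exit }
        split(fixed, f, ".")
        for (i = 1; i <= 3; i++) {
            cur = $i + 0      # missing field counts as 0; "5+dfsg" counts as 5
            want = f[i] + 0
            if (cur < want) { print "vulnerable"; exit }
            if (cur > want) { print "patched"; exit }
        }
        print "patched"
    }'
}

# Version as reported by pkg-config (same command as in "Check Version").
# This only sees the packaged library that ships a .pc file; copies that are
# statically linked or bundled inside an application are not reported here.
installed_libupnp_version() {
    pkg-config --modversion libupnp 2>/dev/null
}

# Report the status of the locally installed library, if any.
check_installed() {
    v=$(installed_libupnp_version) || v=""
    printf 'libupnp %s: %s\n' "${v:-(not found via pkg-config)}" "$(libupnp_status "$v")"
}

check_installed
```

An "unknown" result means the version could not be determined this way and the binary should be inspected directly.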

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with stack overflow errors
  • Abnormal termination of UPnP services
  • Repeated service restarts

Network Indicators:

  • Unusual XML payloads sent to UPnP ports
  • Traffic patterns indicating denial of service attempts

SIEM Query:

source="application.log" AND ("stack overflow" OR "segmentation fault" OR "crash") AND process="*upnp*"
