{"id":"CVE-2016-6255","details":"Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.","modified":"2026-05-18T13:47:20.723132Z","published":"2017-03-07T16:59:00.743Z","related":["openSUSE-SU-2024:11006-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.0"}],"vendor_product":"debian:debian_linux","source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"https://www.exploit-db.com/exploits/40589/"},{"type":"WEB","url":"https://www.tenable.com/security/research/tra-2017-10"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3736"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92050"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-52"},{"type":"ADVISORY","url":"https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"},{"type":"ADVISORY","url":"https://twitter.com/mjg59/status/755062278513319936"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/07/18/13"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/07/20/5"},{"type":"FIX","url":"https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mjg59/pupnp-code","events":[{"introduced":"0"},{"fixed":"be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"vanir_signatures_modified":"2026-05-18T13:47:20Z","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","target":{"function":"http_RecvPostMessage","file":"upnp/src/genlib/net/http/webserver.c"},"deprecated":false,"source":"https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd","id":"CVE-2016-6255-7740797d","digest":{"length":2541,"function_hash":"212251749395148867721629458307923964863"}},{"signature_type":"Line","signature_version":"v1","target":{"file":"upnp/src/genlib/net/http/webserver.c"},"deprecated":false,"source":"https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd","id":"CVE-2016-6255-a6ab9dd3","digest":{"line_hashes":["84418285040388207588986487673792281868","66730018829465562609055539162208265760","28942761826591058533852300092857965294","228902641696458123845140305949883135080","137134906439484352414626189625222104624","116622230184875046664787740408048326301","249006178772565463612952829024447696485"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6255.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/pupnp/pupnp","events":[{"introduced":"0"},{"last_affected":"019095d79f8c7227f53ad11ac2013fb9b8d3dd94"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.6.20"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:libupnp_project:libupnp:*:*:*:*:*:*:*:*"}}],"versions":["release-1.6.20","release-1.6.19","release-1.6.18","release-1.6.17","release-1.6.16","release-1.6.15","release-1.6.14","release-1.6.13","release-1.6.12","release-1.6.11","release-1.6.10","release-1.6.9","release-1.6.8","release-1.6.7","last_svn_1.6.x"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6255.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}