{"id":"CVE-2021-28302","details":"A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.","modified":"2026-04-12T02:45:02.199259Z","published":"2021-03-12T15:15:14.377Z","related":["openSUSE-SU-2024:11006-1"],"references":[{"type":"ADVISORY","url":"https://github.com/pupnp/pupnp/releases/tag/release-1.14.5"},{"type":"REPORT","url":"https://github.com/pupnp/pupnp/issues/249"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pupnp/pupnp","events":[{"introduced":"0"},{"fixed":"cdc8c8fdf90350175dc0d7fdba37bf631030c847"}],"database_specific":{"cpe":"cpe:2.3:a:pupnp_project:pupnp:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.14.5"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["last_svn_trunk","release-1.10.0","release-1.10.1","release-1.12.0","release-1.14.0","release-1.14.1","release-1.14.2","release-1.14.3","release-1.14.4","release-1.8.0","release-1.8.1","release-1.8.2","release-1.8.3","release-1.8.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28302.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}