Vulnerability Details CVE-2019-14323
SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in ssdpd.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2019-14323
- cpe:2.3:a:simple_service_discovery_protocol_responder_project:simple_service_discovery_protocol_responder:1.0
- cpe:2.3:a:simple_service_discovery_protocol_responder_project:simple_service_discovery_protocol_responder:1.1
- cpe:2.3:a:simple_service_discovery_protocol_responder_project:simple_service_discovery_protocol_responder:1.2
- cpe:2.3:a:simple_service_discovery_protocol_responder_project:simple_service_discovery_protocol_responder:1.3
- cpe:2.3:a:simple_service_discovery_protocol_responder_project:simple_service_discovery_protocol_responder:1.4
- cpe:2.3:a:simple_service_discovery_protocol_responder_project:simple_service_discovery_protocol_responder:1.5