← voltar
CVE-2020-15158

Heap buffer overflow in libIEC61850

CVSS 7.7 HIGHEPSS 2.0%CWE-119CWE-122
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.7EPSS 2.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
26 ago 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
Produtos afetados
mz-automation · libiec61850

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bbhttps://github.com/mz-automation/libiec61850/issues/250https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8