Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libiec61850
(Mz\-Automation)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 29 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-01-14 | CVE-2021-45769 | A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash. | Libiec61850 | 7.5 | ||
2020-08-26 | CVE-2020-15158 | In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3... | Libiec61850 | 9.8 | ||
2018-11-12 | CVE-2018-19185 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. | Libiec61850 | 9.8 | ||
2018-11-05 | CVE-2018-18957 | An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. | Libiec61850 | 9.8 | ||
2018-10-30 | CVE-2018-18834 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. | Libiec61850 | 9.8 | ||
2020-01-14 | CVE-2020-7054 | MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. | Libiec61850 | N/A | ||
2019-12-24 | CVE-2019-19958 | In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | Libiec61850 | N/A | ||
2019-12-24 | CVE-2019-19957 | In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength. | Libiec61850 | N/A | ||
2019-12-23 | CVE-2019-19944 | In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos. | Libiec61850 | N/A | ||
2019-12-23 | CVE-2019-19931 | In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow. | Libiec61850 | N/A |