CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1302 – Malformed Goose Message in LibIEC61850 may result in a denial of service
https://notcve.org/view.php?id=CVE-2022-1302
In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. En el MZ Automation LibIEC61850 en versiones anteriores a 1.5.1 un atacante no autenticado puede diseñar un mensaje de ganso, lo que puede resultar en una denegación de servicio • https://libiec61850.com/new-release-1-5-1-of-libiec61850 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7054
https://notcve.org/view.php?id=CVE-2020-7054
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. La función MmsValue_decodeMmsData en el archivo mms/iso_mms/server/mms_access_result.c en libIEC61850 versión 1.4.0, presenta un desbordamiento de búfer en la región heap de la memoria cuando se analiza el tipo de datos MMS_BIT_STRING. • https://github.com/mz-automation/libiec61850/issues/200 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16510
https://notcve.org/view.php?id=CVE-2019-16510
libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose. libIEC61850 versiones hasta 1.3.3, presenta un uso de la memoria previamente liberada en la función MmsServer_waitReady en el archivo mms/iso_mms/server/mms_server.c, como es demostrado por server_example_goose. • https://github.com/mz-automation/libiec61850/issues/164 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-1010300
https://notcve.org/view.php?id=CVE-2019-1010300
mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The attack vector is: Send a specific MMS protocol packet. mz-automation libiec61850 versión 1.3.2 1.3.1 1.3.0, está afectado por: Desbordamiento de Búfer. El impacto es: Bloqueo de software. • https://github.com/mz-automation/libiec61850/issues/127 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-19185
https://notcve.org/view.php?id=CVE-2018-19185
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. Se ha detectado un problema en libIEC61850 v1.3. Es un desbordamiento de búfer basado en memoria dinámica (heap) en BerEncoder_encodeOctetString en mms/asn1/ber_encoder.c. • https://github.com/fouzhe/security/tree/master/libiec61850#another-heap-buffer-overflow-in-function-berencoder_encodeoctetstring https://github.com/mz-automation/libiec61850/issues/87 • CWE-787: Out-of-bounds Write •