CVE-2020-15158

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-15158
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15158.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-15158
Related
  • GHSA-pq77-fmf7-hjw8
Published
2020-08-26T18:15:10Z
Modified
2025-01-08T10:27:31.597264Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.

References

Affected packages

Git / github.com/mz-automation/libiec61850

Affected ranges

Type
GIT
Repo
https://github.com/mz-automation/libiec61850
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0.0
v1.0.1
v1.1
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.4.0
v1.4.1
v1.4.2
v1.4.2.1