CVE-2022-21159
- Source
- https://cve.org/CVERecord?id=CVE-2022-21159
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21159.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-21159
- Published
- 2022-04-15T16:15:07.720Z
- Modified
- 2026-02-06T22:38:43.755847Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.
- References
-
- https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1467
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1467
- https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1467
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1467
Affected packages
Git / github.com/mz-automation/libiec61850
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mz-automation/libiec61850
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.0.1
v1.1
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.4.0
v1.4.1
v1.4.2
v1.4.2.1
v1.5.0
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"source": "https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721",
"digest": {
"threshold": 0.9,
"line_hashes": [
"25213957932334231058944007225823008941",
"67471863485973758694629299555634988998",
"141217303716298442094824262701757012882",
"23607064311548028137475690767052629718"
]
},
"target": {
"file": "src/mms/iso_presentation/iso_presentation.c"
},
"id": "CVE-2022-21159-6c22e527",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"source": "https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721",
"digest": {
"function_hash": "30939351653663780092954731091689706048",
"length": 1951.0
},
"target": {
"file": "src/mms/iso_presentation/iso_presentation.c",
"function": "parseNormalModeParameters"
},
"id": "CVE-2022-21159-f6e94241",
"deprecated": false,
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21159.json"