Skarg

**Name of the Vulnerable Software and Affected Versions** BACnet Stack versions prior to 1.3.2 **Description** The issue is related to a decode function APDU buffer over-read in the `bacapp decode application data` function in `bacapp.c`. This over-read occurs in versions of the BACnet Stack before 1.3.2. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bacapp decode application data` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BACnet Protocol Stack versions through 0.8.6 **Description** The issue is related to a segmentation fault that leads to a denial of service in the BACnet APDU Layer. This occurs due to a malformed DCC in AtomicWriteFile, AtomicReadFile, and DeviceCommunicationControl services. An unauthenticated remote attacker can cause a denial of service, resulting in the bacserv daemon crash, because of an invalid read in bacdcode.c during the parsing of alarm tag numbers. **Recommendations** For BACnet Protocol Stack versions through 0.8.6, consider restricting access to the AtomicWriteFile, AtomicReadFile, and DeviceCommunicationControl services until a patch is available. As a temporary workaround, avoid using the `bacdcode.c` file for parsing alarm tag numbers until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.