CVE-2018-19185

Name of the Vulnerable Software and Affected Versions libIEC61850 version 1.3

Description A heap-based buffer overflow issue has been discovered in the BerEncoder encodeOctetString function, located in mms/asn1/ber encoder.c. This issue is exploitable and can be triggered with a different data sequence than a previously known attack vector.

Recommendations For libIEC61850 version 1.3, consider restricting access to the BerEncoder encodeOctetString function in ber encoder.c until a patch is available. Avoid using the BerEncoder encodeOctetString function with potentially malicious input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.