PT-2018-9777 · Bacnet · Bacserv

Marlies Ruck · Published 2018-04-20 · Updated 2019-10-07 · CVE-2018-10238

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: bacserv versions 0.8.5 through 0.9.1
Description: The issue is caused by a lack of packet-size validation, leading to a buffer overflow in the bvlc.c component of the BACnet Protocol Stack. The affected component is the bacserv BACnet/IP BVLC Forwarded-NPDU handling. The bvlc_bdt_forward_npdu() function calls bvlc_encode_forwarded_npdu(), which copies content from the request into a local stack buffer in bvlc_bdt_forward_npdu()'s frame without checking that it fits, overwriting the stack canary. The vulnerability is reachable on any BACnet/IP device built on this library that has BBMD enabled and is connected to an IP network.
Recommendations: For versions 0.8.5 through 0.9.1, update to version 0.8.6 to resolve the issue. As a temporary workaround, consider restricting access to the bvlc_bdt_forward_npdu() and bvlc_encode_forwarded_npdu() functions until the update is applied.
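The missing check described above, shown in constructed C that is not the BACnet stack's own code: a Forwarded-NPDU encoder that refuses to copy an NPDU larger than the caller's fixed stack buffer, which is the validation the advisory says bvlc_encode_forwarded_npdu() lacked. The function names, the 1497-byte buffer size and the sample frames are assumptions for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_MPDU 1497            /* assumed BACnet/IP frame capacity of the stack buffer */
#define BVLC_HEADER_LEN 4        /* type (1) + function (1) + length (2) */
#define BVLC_FWD_ADDR_LEN 6      /* originating B/IP address: IPv4 (4) + UDP port (2) */

/* Hypothetical hardened encoder. Builds a BVLC Forwarded-NPDU (function 0x04)
 * into 'out', whose capacity is 'out_cap'. Returns the frame length written, or
 * 0 when the NPDU would not fit. The size check is the step the vulnerable
 * code skipped before copying request bytes into the caller's stack frame. */
size_t safe_encode_forwarded_npdu(uint8_t *out, size_t out_cap,
                                  const uint8_t origin[BVLC_FWD_ADDR_LEN],
                                  const uint8_t *npdu, size_t npdu_len)
{
    size_t total = BVLC_HEADER_LEN + BVLC_FWD_ADDR_LEN + npdu_len;

    if (out == NULL || origin == NULL || npdu == NULL)
        return 0;
    /* Reject anything that exceeds the destination buffer or the 16-bit
     * BVLC length field; without this, memcpy below runs past 'out'. */
    if (total > out_cap || total > 0xFFFF)
        return 0;

    out[0] = 0x81;                        /* BVLC type: BACnet/IP */
    out[1] = 0x04;                        /* BVLC function: Forwarded-NPDU */
    out[2] = (uint8_t)(total >> 8);       /* BVLC length, big-endian */
    out[3] = (uint8_t)(total & 0xFF);
    memcpy(&out[BVLC_HEADER_LEN], origin, BVLC_FWD_ADDR_LEN);
    memcpy(&out[BVLC_HEADER_LEN + BVLC_FWD_ADDR_LEN], npdu, npdu_len);
    return total;
}

/* Models the BBMD forwarding path: the frame is assembled in a fixed local
 * buffer, exactly the kind of stack object the advisory says was overrun.
 * Returns the length that would be transmitted, or 0 if the NPDU was rejected. */
size_t forward_npdu_checked(const uint8_t origin[BVLC_FWD_ADDR_LEN],
                            const uint8_t *npdu, size_t npdu_len)
{
    uint8_t mtu[MAX_MPDU];
    return safe_encode_forwarded_npdu(mtu, sizeof mtu, origin, npdu, npdu_len);
}
```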

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers: CVE-2018-10238

Affected Products: Bacserv