CVE-2019-6135

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libIEC61850 version 1.3.1

Description A memory leak issue has been identified. The Memory malloc function in hal/memory/lib memory.c leaks memory when called from Asn1PrimitiveValue create in mms/asn1/asn1 ber primitive value.c. This issue is demonstrated by examples such as goose publisher example.c and iec61850 9 2 LE example.c.

Recommendations For libIEC61850 version 1.3.1, consider applying a patch to fix the memory leak in the Memory malloc function. As a temporary workaround, restrict the use of the Asn1PrimitiveValue create function to minimize the risk of exploitation.

Exploit

Fix

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2020-3467

ALT-PU-2020-3487

ALT-PU-2024-11160

CVE-2019-6135

Affected Products

Alt Linux

Libiec61850

CVE-2019-6135

Weakness Enumeration

Related Identifiers

Affected Products

References · 4