CVE-2019-6719

Name of the Vulnerable Software and Affected Versions libIEC61850 version 1.3.1

Description The issue is related to a use-after-free in the getState function, located in the file mms/iso server/iso server.c. This is demonstrated by examples in server example goose.c and server example 61400 25.c.

Recommendations For libIEC61850 version 1.3.1, consider disabling the getState function in iso server.c as a temporary workaround until a patch is available. Restrict access to the affected files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.