PT-2020-14234 · Unknown · Libiec61850

Leommxj · Published 2020-08-26 · Updated 2024-08-19 · CVE-2020-15158

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: libIEC61850 versions prior to 1.4.3

Description: The issue occurs when a message with a COTP message length field with a value less than 4 is received, leading to an integer underflow and potentially a heap buffer overflow. This can cause an application crash or, on some platforms, even the execution of remote code. The risk is higher if the application is used in open networks or if there are untrusted nodes in the network.

Recommendations: For versions prior to 1.4.3, upgrade to version 1.4.3 when available. As a temporary workaround, changes from commit 033ab5b can be applied to older versions.
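To make the underflow concrete, the following is a constructed C example added to this entry; it is not libIEC61850's code and does not reproduce the referenced commit. It assumes the length field in question is the 16-bit big-endian TPKT length that counts its own 4-byte header, and shows the trusting subtraction beside a checked one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the framing assumed here: a 4-byte TPKT header
 * (version, reserved, 16-bit big-endian length that includes the header)
 * precedes the COTP message, so the COTP payload is length - 4 bytes. */
#define TPKT_HEADER_LEN 4u

/* Vulnerable pattern: the length field is trusted. A value below 4 wraps
 * the subtraction to a huge size_t; reading that many bytes into a fixed
 * heap buffer is the heap overflow the advisory describes. */
size_t cotp_payload_len_unchecked(const uint8_t hdr[4])
{
    size_t msgLen = ((size_t)hdr[2] << 8) | (size_t)hdr[3];
    return msgLen - TPKT_HEADER_LEN; /* underflows when msgLen < 4 */
}

/* Hardened form: validate the field against the minimum frame size and the
 * destination capacity before deriving a payload length.
 * Returns 0 and sets *out on success, -1 if the frame must be rejected. */
int cotp_payload_len_checked(const uint8_t hdr[4], size_t capacity, size_t *out)
{
    size_t msgLen = ((size_t)hdr[2] << 8) | (size_t)hdr[3];

    if (hdr[0] != 3)                         /* TPKT version is always 3 */
        return -1;
    if (msgLen < TPKT_HEADER_LEN)            /* would underflow */
        return -1;
    if (msgLen - TPKT_HEADER_LEN > capacity) /* would overflow destination */
        return -1;

    *out = msgLen - TPKT_HEADER_LEN;
    return 0;
}

/* Constructed headers: a valid 22-byte frame and one claiming only 2 bytes. */
static const uint8_t good_hdr[4] = { 0x03, 0x00, 0x00, 0x16 };
static const uint8_t bad_hdr[4]  = { 0x03, 0x00, 0x00, 0x02 };

int main(void)
{
    size_t n = 0;
    printf("unchecked, length=2: %zu bytes\n", cotp_payload_len_unchecked(bad_hdr));
    printf("checked,   length=2: %s\n",
           cotp_payload_len_checked(bad_hdr, 256, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```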

Fix

Weakness Enumeration

Heap Based Buffer Overflow
Integer Underflow
Buffer Overflow

Related Identifiers

ALT-PU-2021-2864
ALT-PU-2024-11160
CVE-2020-15158
GHSA-PQ77-FMF7-HJW8

Affected Products

Alt Linux
Libiec61850