CVE-2022-2970

Name of the Vulnerable Software and Affected Versions libIEC61850 versions 1.4 and prior libIEC61850 version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e

Description The issue is related to the library not sanitizing input before using memcpy, which could allow an attacker to crash the device or remotely execute arbitrary code. This is also associated with a buffer overflow, where data is read beyond the memory buffer boundaries. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For libIEC61850 versions 1.4 and prior, update to a version that includes input sanitization before memcpy is used. For libIEC61850 version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e, apply the commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e to include the necessary input sanitization. As a temporary workaround, consider restricting input to prevent potential buffer overflows until a patch is available.