CVE-2024-28286

Name of the Vulnerable Software and Affected Versions libiec61850 version 1.4.0

Description A NULL Pointer Dereference issue was detected in the mmsServer handleFileCloseRequest.c function of src/mms/iso mms/server/mms file service.c, which can cause the application to crash due to a SEGV. The vulnerability is related to pointer dereference errors in the libIEC61850 library. Exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations For libiec61850 version 1.4.0, as a temporary workaround, consider disabling the mmsServer handleFileCloseRequest.c function until a patch is available. Restrict access to the mms file service.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.