PT-2025-49309 · Unknown · Bacnet Protocol Stack

Published 2025-12-05 · Updated 2025-12-08 · CVE-2025-66624

CVSS v3.1 7.5 High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: BACnet Protocol Stack versions prior to 1.5.0.rc2
Description: The BACnet Protocol Stack library contains an out-of-bounds read in the npdu_is_expected_reply() function in src/bacnet/npdu.c. The function indexes Application Protocol Data Unit (APDU) octets (request pdu[offset+2], pdu[offset+3], pdu[offset+5] and reply pdu[offset+1], pdu[offset+2], pdu[offset+4]) without first checking that the PDU actually contains those octets. The APDU offset comes from bacnet_npdu_decode(), which can return an offset for a small PDU that slips past the NPDU version check, so a short or truncated PDU reaches the comparison and the reads run past the end of the buffer. The result is a denial of service (DoS): the read crashes reliably in builds instrumented with AddressSanitizer (ASan), on targets whose Memory Protection Unit (MPU) traps the access, or under strict compilation settings, and on other builds it may go unnoticed or produce a wrong reply match. Remote code execution (RCE) is considered unlikely because the flaw is a read, not a write, but the DoS is reliable and requires neither authentication nor user interaction (CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Recommendations: Update to version 1.5.0.rc2 or later.
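The following C program is an added illustration written for this page; it is not the BACnet Protocol Stack's own code and does not reproduce either the vulnerable or the patched npdu_is_expected_reply(). It shows the check the advisory says is missing: before comparing invoke ID and service choice at the request indexes +2/+3/+5 and the reply indexes +1/+2/+4 (which are where ASHRAE 135 places those fields in Confirmed-Request, Simple-ACK and Complex-ACK APDUs, the +5 and +4 variants being the segmented forms), the code verifies that the APDU offset lies inside the PDU and that the PDU really holds the octets it is about to index. The bacnet_msg_t structure, the function names and the sample PDUs are all assumptions constructed for the example; a helper also reports how many octets an unchecked read of the same indexes would reach past the end of a short PDU.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* APDU type is the high nibble of the first APDU octet (ASHRAE 135 clause 20.1). */
#define PDU_TYPE_CONFIRMED_SERVICE_REQUEST 0
#define PDU_TYPE_SIMPLE_ACK 2
#define PDU_TYPE_COMPLEX_ACK 3
#define APDU_SEGMENTED_FLAG 0x08

/* Hypothetical message view (assumption for this example): the raw PDU plus the
   APDU offset an NPDU decoder returned. */
typedef struct {
    const uint8_t *pdu;
    uint16_t pdu_len;
    uint16_t apdu_offset;
} bacnet_msg_t;

/* Octets that an unchecked read of pdu[offset + max_index] would reach beyond the
   end of the buffer; 0 means the access is in bounds. */
size_t apdu_overread_octets(uint16_t pdu_len, uint16_t offset, uint16_t max_index)
{
    size_t last = (size_t)offset + max_index; /* last index the comparison touches */
    return last < pdu_len ? 0 : last + 1 - pdu_len;
}

/* Confirmed-Request: invoke ID at +2, service choice at +3, or at +5 when the
   segmented flag is set (+3 is then the sequence number, +4 the window size). */
bool request_fields(const bacnet_msg_t *m, uint8_t *invoke_id, uint8_t *service)
{
    if (m == NULL || m->pdu == NULL || m->apdu_offset >= m->pdu_len) return false;
    const uint8_t *apdu = m->pdu + m->apdu_offset;
    uint16_t apdu_len = m->pdu_len - m->apdu_offset;
    if ((apdu[0] >> 4) != PDU_TYPE_CONFIRMED_SERVICE_REQUEST) return false;
    uint16_t service_index = (apdu[0] & APDU_SEGMENTED_FLAG) ? 5 : 3;
    if (apdu_len <= service_index) return false; /* the octets are not there: refuse, do not read */
    *invoke_id = apdu[2];
    *service = apdu[service_index];
    return true;
}

/* Simple-ACK: invoke ID at +1, service choice at +2.
   Complex-ACK: invoke ID at +1, service choice at +2, or at +4 when segmented. */
bool reply_fields(const bacnet_msg_t *m, uint8_t *invoke_id, uint8_t *service)
{
    if (m == NULL || m->pdu == NULL || m->apdu_offset >= m->pdu_len) return false;
    const uint8_t *apdu = m->pdu + m->apdu_offset;
    uint16_t apdu_len = m->pdu_len - m->apdu_offset;
    uint8_t type = apdu[0] >> 4;
    uint16_t service_index;
    if (type == PDU_TYPE_SIMPLE_ACK) {
        service_index = 2;
    } else if (type == PDU_TYPE_COMPLEX_ACK) {
        service_index = (apdu[0] & APDU_SEGMENTED_FLAG) ? 4 : 2;
    } else {
        return false;
    }
    if (apdu_len <= service_index) return false;
    *invoke_id = apdu[1];
    *service = apdu[service_index];
    return true;
}

/* A reply is "expected" only when both APDUs parse fully and invoke ID and
   service choice agree; a truncated PDU on either side is simply not a match. */
bool is_expected_reply(const bacnet_msg_t *request, const bacnet_msg_t *reply)
{
    uint8_t req_id, req_svc, rep_id, rep_svc;
    if (!request_fields(request, &req_id, &req_svc)) return false;
    if (!reply_fields(reply, &rep_id, &rep_svc)) return false;
    return req_id == rep_id && req_svc == rep_svc;
}

/* Constructed sample PDUs (not captured traffic). NPDU: version 0x01, control
   0x04 (expecting reply) or 0x00, no addressing, so the APDU starts at offset 2. */
static const uint8_t sample_request[] = { 0x01, 0x04,             /* NPDU */
    0x00, 0x05, 0x2A, 0x0C,                                       /* Confirmed-Request, invoke 0x2A, ReadProperty */
    0x0C, 0x02, 0x00, 0x00, 0x01 };                               /* object identifier tag + value */
static const uint8_t sample_ack[] = { 0x01, 0x00,                 /* NPDU */
    0x30, 0x2A, 0x0C,                                             /* Complex-ACK, invoke 0x2A, ReadProperty */
    0x0C, 0x02, 0x00, 0x00, 0x01 };
static const uint8_t tiny_request[] = { 0x01, 0x04, 0x00 };       /* NPDU plus a lone APDU type octet */

int main(void)
{
    bacnet_msg_t req = { sample_request, sizeof sample_request, 2 };
    bacnet_msg_t ack = { sample_ack, sizeof sample_ack, 2 };
    bacnet_msg_t tiny = { tiny_request, sizeof tiny_request, 2 };
    printf("full request/ack match: %s\n", is_expected_reply(&req, &ack) ? "yes" : "no");
    printf("truncated request rejected: %s\n", is_expected_reply(&tiny, &ack) ? "no" : "yes");
    printf("unchecked read of pdu[offset+5] on the truncated PDU overruns by %zu octets\n",
           apdu_overread_octets(tiny.pdu_len, tiny.apdu_offset, 5));
    return 0;
}
```

The length test is written as `apdu_len <= service_index` rather than a check on `pdu_len` alone because the offset, not just the total length, is what the advisory says an attacker can influence through the NPDU decoder; guarding `apdu_offset >= pdu_len` first also covers the case where the decoder returns an offset at or beyond the end of a short PDU.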

Exploit

Fix

DoS

RCE

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2025-66624
GHSA-8WGW-5H6X-QGQG

Affected Products

Bacnet Protocol Stack