ALT-PU-2021-2864-1
Package libiec61850 updated to version 1.5.0-alt1 for branch sisyphus in task 285767.
Closed vulnerabilities
BDU:2022-05635
Уязвимость библиотеки libIEC61850, связанная с чтением данных за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2022-05636
Уязвимость библиотеки libIEC61850, связанная с чтением данных за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2022-05637
Уязвимость библиотеки libIEC61850, связанная с доступом к ресурсу через несовместимые типы, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-05638
Уязвимость библиотеки libIEC61850, связанная с ошибками разыменования указателей, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-15158
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.
- https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb
- https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb
- https://github.com/mz-automation/libiec61850/issues/250
- https://github.com/mz-automation/libiec61850/issues/250
- https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8
- https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8
Modified: 2024-11-21
CVE-2022-2970
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
Modified: 2024-11-21
CVE-2022-2971
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.
Modified: 2024-11-21
CVE-2022-2972
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.
Modified: 2024-11-21
CVE-2022-2973
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.
Modified: 2024-11-21
CVE-2022-3976
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556.
- https://github.com/mz-automation/libiec61850
- https://github.com/mz-automation/libiec61850
- https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f
- https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f
- https://vuldb.com/?id.213556
- https://vuldb.com/?id.213556