CVE-2019-12480

EUVD-2019-4076
BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
bacnet_protocol_stack_projectbacnet_protocol_stack
𝑥
≤ 0.8.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/153716/BACnet-Stack-0.8.6-Denial-Of-Service.html
https://1modm.github.io/CVE-2019-12480.html
https://sourceforge.net/p/bacnet/bugs/62/
https://sourceforge.net/p/bacnet/code/3220
https://sourceforge.net/p/bacnet/code/3223
https://sourceforge.net/p/bacnet/code/3224
https://sourceforge.net/p/bacnet/code/3225
http://packetstormsecurity.com/files/153716/BACnet-Stack-0.8.6-Denial-Of-Service.html
https://1modm.github.io/CVE-2019-12480.html
https://sourceforge.net/p/bacnet/bugs/62/
https://sourceforge.net/p/bacnet/code/3220
https://sourceforge.net/p/bacnet/code/3223
https://sourceforge.net/p/bacnet/code/3224
https://sourceforge.net/p/bacnet/code/3225