CVE-2020-15158

26.08.2020, 18:15

In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.

Wrap or Wraparound

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.7 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
GitHub_M	CNA	7.7 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Vendor	Product	Version
mz-automation	libiec61850	1.4.0 ≤ 𝑥 < 1.4.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb

https://github.com/mz-automation/libiec61850/issues/250

https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8

https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb

https://github.com/mz-automation/libiec61850/issues/250

https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8