Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libiec61850
(Mz\-Automation)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-13 | CVE-2022-3976 | A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this... | Libiec61850 | 8.8 | ||
| 2018-11-07 | CVE-2018-19093 | An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program | Libiec61850 | 7.5 | ||
| 2018-11-12 | CVE-2018-19185 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. | Libiec61850 | 9.8 | ||
| 2018-11-05 | CVE-2018-18957 | An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. | Libiec61850 | 9.8 | ||
| 2018-10-30 | CVE-2018-18834 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. | Libiec61850 | 9.8 | ||
| 2019-12-24 | CVE-2019-19958 | In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | Libiec61850 | N/A | ||
| 2019-12-24 | CVE-2019-19957 | In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength. | Libiec61850 | N/A | ||
| 2019-12-23 | CVE-2019-19944 | In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos. | Libiec61850 | N/A | ||
| 2019-12-23 | CVE-2019-19931 | In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow. | Libiec61850 | N/A | ||
| 2019-12-23 | CVE-2019-19930 | In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory allocation. | Libiec61850 | N/A |