An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector.
References
Link | Resource |
---|---|
https://github.com/fouzhe/security/tree/master/libiec61850#another-heap-buffer-overflow-in-function-berencoder_encodeoctetstring | Exploit Third Party Advisory |
https://github.com/mz-automation/libiec61850/issues/87 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-11-12 05:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-19185
Mitre link : CVE-2018-19185
CVE.ORG link : CVE-2018-19185
JSON object : View
Products Affected
mz-automation
- libiec61850
CWE
CWE-787
Out-of-bounds Write