漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Heap buffer overflow in libIEC61850
Vulnerability Description
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
Mz Automation libIEC61850 数字错误漏洞
Vulnerability Description
Mz Automation Libiec61850是Mz Automation公司的一个IEC 61850协议的开源库。 libIEC61850 1.4.3之前版本存在数字错误漏洞,该漏洞源于COTP消息长度字段值< 4的消息时,将发生整数下溢,导致堆缓冲区溢出。这可能导致应用程序崩溃,或者在某些平台上甚至导致远程代码的执行。如果您的应用程序是在开放网络中使用的,或者网络中存在不受信任的节点,那么强烈建议应用补丁。
CVSS Information
N/A
Vulnerability Type
N/A