Mz-Automation: >> Libiec61850 >> 1.4.0 Security Vulnerabilities
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-01-14
In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-12-24
In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-12-24
In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-12-23
In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory allocation.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-12-23
In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-12-23
Page 2