CVE-2020-15158 - OpenCVE

In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mz-automation	Libiec61850

Configuration 1 [-]

cpe:2.3:a:mz-automation:libiec61850:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb
https://github.com/mz-automation/libiec61850/issues/250
https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-08-26T18:00:16

Updated: 2024-08-04T13:08:22.296Z

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15158

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-26T18:15:10.287

Modified: 2021-11-18T18:35:21.607

Link: CVE-2020-15158

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "libiec61850", "vendor": "mz-automation", "versions": [{"status": "affected", "version": "< 1.4.3"}]}], "descriptions": [{"lang": "en", "value": "In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-26T18:00:16", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mz-automation/libiec61850/issues/250"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb"}], "source": {"advisory": "GHSA-pq77-fmf7-hjw8", "discovery": "UNKNOWN"}, "title": "Heap buffer overflow in libIEC61850", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15158", "STATE": "PUBLIC", "TITLE": "Heap buffer overflow in libIEC61850"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libiec61850", "version": {"version_data": [{"version_value": "< 1.4.3"}]}}]}, "vendor_name": "mz-automation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}, {"description": [{"lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8", "refsource": "CONFIRM", "url": "https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8"}, {"name": "https://github.com/mz-automation/libiec61850/issues/250", "refsource": "MISC", "url": "https://github.com/mz-automation/libiec61850/issues/250"}, {"name": "https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb", "refsource": "MISC", "url": "https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb"}]}, "source": {"advisory": "GHSA-pq77-fmf7-hjw8", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:22.296Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mz-automation/libiec61850/issues/250"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15158", "datePublished": "2020-08-26T18:00:16", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.296Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mz-automation:libiec61850:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E993B84-2A79-45F0-BF40-4AF97ACF6F3D", "versionEndExcluding": "1.4.3", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions."}, {"lang": "es", "value": "En libIEC61850 versiones anteriores a 1.4.3, cuando un mensaje es recibido con un campo de longitud de mensaje COTP con valor menor a 4, se producir\u00e1 un subdesbordamiento de enteros conllevando a un desbordamiento del b\u00fafer en la pila. Esto puede causar un bloqueo de la aplicaci\u00f3n o, en algunas plataformas, inclusive una ejecuci\u00f3n de c\u00f3digo remota. Si su aplicaci\u00f3n es utilizada en redes abiertas o si existen nodos en la red que no son confiables, se recomienda altamente aplicar el parche. Esto fue parcheado con el commit 033ab5b. Los usuarios de la versi\u00f3n 1.4.x deben actualizar a la versi\u00f3n 1.4.3 cuando est\u00e9 disponible. Como soluci\u00f3n alternativa, los cambios de commit 033ab5b pueden ser aplicados a versiones anteriores"}], "id": "CVE-2020-15158", "lastModified": "2021-11-18T18:35:21.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-08-26T18:15:10.287", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/mz-automation/libiec61850/issues/250"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Secondary"}]}