Impact
The vulnerability is an out-of-bounds write in the BufWriter::append function of the EtherNet IP Message Handler component of liftoff-sr CIPster. This flaw allows an attacker to manipulate data structures in a way that corrupts adjacent memory; based on the description, it is inferred that such corruption could lead to arbitrary code execution or other significant compromise of the system.
Affected Systems
All releases of liftoff‑sr CIPster up to the commit e8e9dba09bf56962807d3504b783ccdb6287f3e4 are affected. Because the product follows a rolling‑release delivery model, no specific version numbers are listed, but any installation that includes the vulnerable code before the patch commit 3a0159ed43125dcd024a1965f0289cb186bae9ff is at risk.
Risk and Exploitability
The CVSS score of 6.9 indicates a medium level of severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Remote exploitation is possible and public proof-of-concept exploits have already been released; based on this information, it is inferred that an attacker could potentially trigger the out-of-bounds write over the network without authentication. The lack of an official release note or version designation increases the difficulty of assessing exposure, and based on the public availability of the exploit, it is inferred that there is a high likelihood of real-world impact if it remains unpatched.
OpenCVE Enrichment