Description
A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter::append of the component EtherNet IP Message Handler. Performing a manipulation results in an out-of-bounds write. The attack can be carried out remotely. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 3a0159ed43125dcd024a1965f0289cb186bae9ff. To fix this issue, it is recommended to deploy the patch.
Published: 2026-06-29
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds write in the BufWriter::append function of the EtherNet IP Message Handler component of liftoff-sr CIPster. This flaw allows an attacker to manipulate data structures in a way that corrupts adjacent memory; based on the description, it is inferred that such corruption could lead to arbitrary code execution or other significant compromise of the system.

Affected Systems

All releases of liftoff-sr CIPster up to the commit e8e9dba09bf56962807d3504b783ccdb6287f3e4 are affected. Because the product follows a rolling-release delivery model, no specific version numbers are listed, but any installation that includes the vulnerable code before the patch commit 3a0159ed43125dcd024a1965f0289cb186bae9ff is at risk.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium level of severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Remote exploitation is possible and public proof-of-concept exploits have already been released; based on this information, it is inferred that an attacker could potentially trigger the out-of-bounds write over the network without authentication. The lack of an official release note or version designation increases the difficulty of assessing exposure, and based on the public availability of the exploit, it is inferred that there is a high likelihood of real-world impact if it remains unpatched.

Generated by OpenCVE AI on June 29, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the patch identified by commit 3a0159ed43125dcd024a1965f0289cb186bae9ff to replace the vulnerable code.
  • Configure firewall rules to block inbound traffic to the EtherNet IP Message Handler endpoints until the patch is fully deployed and verified.
  • Temporarily disable the EtherNet IP Message Handler component or restrict its network interface to prevent exploitation prior to applying the permanent fix.


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 18:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter::append of the component EtherNet IP Message Handler. Performing a manipulation results in out-of-bounds write. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 3a0159ed43125dcd024a1965f0289cb186bae9ff. To fix this issue, it is recommended to deploy a patch.
Title | | liftoff-sr CIPster EtherNet IP Message append out-of-bounds write
First Time appeared | | Liftoff-sr; Liftoff-sr cipster
Weaknesses | | CWE-119; CWE-787
CPEs | | cpe:2.3:a:liftoff-sr:cipster:*:*:*:*:*:*:*:*
Vendors & Products | | Liftoff-sr; Liftoff-sr cipster
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-07-01T14:09:20.873Z

Reserved: 2026-06-29T05:04:24.896Z

Link: CVE-2026-13592

Vulnrichment

Updated: 2026-07-01T14:08:42.521Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T00:30:06Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-787

    Out-of-bounds Write