CVE-2020-15158

In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb	Patch Third Party Advisory
https://github.com/mz-automation/libiec61850/issues/250	Third Party Advisory
https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mz-automation:libiec61850:*:*:*:*:*:*:*:*

History

18 Nov 2021, 18:35

Type	Values Removed	Values Added
CWE	CWE-119 CWE-122	CWE-191

Information

Published : 2020-08-26 18:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-15158

Mitre link : CVE-2020-15158

CVE.ORG link : CVE-2020-15158

JSON object : View

Products Affected

mz-automation

libiec61850

CWE

CWE-191

Integer Underflow (Wrap or Wraparound)

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2020-15158", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.8}]}, "published": "2020-08-26T18:15:10.287", "references": [{"url": "https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/mz-automation/libiec61850/issues/250", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-191"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions."}, {"lang": "es", "value": "En libIEC61850 versiones anteriores a 1.4.3, cuando un mensaje es recibido con un campo de longitud de mensaje COTP con valor menor a 4, se producir\u00e1 un subdesbordamiento de enteros conllevando a un desbordamiento del b\u00fafer en la pila. Esto puede causar un bloqueo de la aplicaci\u00f3n o, en algunas plataformas, inclusive una ejecuci\u00f3n de c\u00f3digo remota. Si su aplicaci\u00f3n es utilizada en redes abiertas o si existen nodos en la red que no son confiables, se recomienda altamente aplicar el parche. Esto fue parcheado con el commit 033ab5b. Los usuarios de la versi\u00f3n 1.4.x deben actualizar a la versi\u00f3n 1.4.3 cuando est\u00e9 disponible. Como soluci\u00f3n alternativa, los cambios de commit 033ab5b pueden ser aplicados a versiones anteriores"}], "lastModified": "2021-11-18T18:35:21.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mz-automation:libiec61850:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E993B84-2A79-45F0-BF40-4AF97ACF6F3D", "versionEndExcluding": "1.4.3", "versionStartIncluding": "1.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}