GHSA-x327-px9p-wgr2

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)

Ссылки

EPSS

Процентиль: 80%

0.01414

Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-31881

Дефекты

CWE-125

Связанные уязвимости

CVE-2021-31881

CVSS3: 7.1

nvd

около 4 лет назад

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)

BDU:2023-03410

CVSS3: 7.5

fstec

около 4 лет назад

Уязвимость службы DHCP микропрограммного обеспечения контроллеров APOGEE MBC, APOGEE MEC, APOGEE PXC, Desigo PXC, TALON TC и операционной системы Nucleus, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 80%

0.01414

Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-31881

Дефекты

CWE-125