Описание
BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.8.6 (включая)
cpe:2.3:a:bacnet_protocol_stack_project:bacnet_protocol_stack:*:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.21165
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-125
Связанные уязвимости
github
больше 3 лет назад
BACnet Protocol Stack through 0.8.6 could allow an unauthenticated, remote attacker to cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers.
EPSS
Процентиль: 96%
0.21165
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-125