An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMz Automation Libiec61850
APPMz-Automation1.3
Related vulnerabilities
Buffer overflow w MMS Client biblioteki LibIEC61850 (MZ Automation)
Buffer overflow w MMS Client biblioteki LibIEC61850 — zdalne przejęcie kontroli
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fb...
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fb...
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goos...