Closed Alice-and-Bob closed 7 months ago
Hi @mzillgith and team, I updated with more PoC samples that trigger this vulnerability, which complements the vulnerability samples mentioned in issue 492. Although I didn't mention this vulnerability in a separate issue, I'm still happy that it was fixed.
Description
An SEGV vulnerability was detected in the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c:146. The vulnerability manifests as SEGV and causes the application to crash.
version
all releases and any commit before 2823184
system information
ubuntu18.04
proof of concept
mms_named_variable_list_service.zip
poc_of_mms_get_namelist_service.zip
command
cd path/to/libiec61850-v1.5.3/examples/server_example_substitution
sudo ./server_example_substitution
cat poc | nc 0.0.0.0 102
result