9.1
CVE-2023-51773
- EPSS 1.05%
- Veröffentlicht 29.02.2024 01:42:05
- Zuletzt bearbeitet 23.05.2025 15:39:17
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bacnetstack ≫ Bacnet Stack Version < 1.3.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.05% | 0.599 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
CWE-126 Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
https://github.com/bacnet-stack/bacnet-stack/blob/master/CHANGELOG.md
https://github.com/bacnet-stack/bacnet-stack/compare/bacnet-stack-1.3.1...bacnet-stack-1.3.2
https://github.com/bacnet-stack/bacnet-stack/pull/546
https://github.com/bacnet-stack/bacnet-stack/pull/546/commits/c465412a076ca6c9ddf649612f2b4e1874d8dcb8
https://sourceforge.net/p/bacnet/bugs/85/