List: oss-security
Subject: [oss-security] CVE-2021-43083: Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server respon
From: Christofer Dutz <cdutz () apache ! org>
Date: 2021-12-20 10:00:38
Message-ID: 5c63230e-b733-4b15-1f5a-e885929bf474 () apache ! org
Description:
Apache PLC4X - PLC4C (only the C language implementation was affected) was vulnerable to an unsigned integer underflow in the TCP transport. Users should update to 0.9.1, which addresses this issue.
However, in order to exploit this vulnerability, a user would have to actively connect to a malicious device, which could then send a response with invalid content. We currently consider the probability of this being exploited to be quite minimal, although this could change in the future, especially as industrial networks become increasingly interconnected.
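The following is an added illustration of the bug class named above and is not code from PLC4X or PLC4C. It models a hypothetical length-prefixed TCP response frame (an assumed 8-byte header whose first four bytes carry the big-endian total frame length, followed by the payload). Computing "total length minus header length" on an unsigned value without first checking that the advertised length is at least the header size wraps to a huge number when a peer sends a short length; the hardened routine checks every bound before subtracting and before copying. Frame contents are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed frame layout for this example (not the PLC4C wire format):
 * bytes 0..3  big-endian total frame length, counting the header itself
 * bytes 4..7  other header fields (ignored here)
 * bytes 8..   payload
 */
#define HEADER_LEN  8u
#define MAX_PAYLOAD 4096u   /* upper bound a real transport would enforce */

static uint32_t read_u32_be(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: subtracts the header size from the peer-supplied
 * length with no lower-bound check. For total_len < 8 the unsigned
 * subtraction wraps, so a later read/copy of payload_len bytes overruns
 * the receive buffer. Returned (not used for copying) so the wrap is visible. */
uint32_t payload_len_unchecked(const uint8_t *resp, size_t resp_len) {
    if (resp_len < 4) return 0;
    uint32_t total_len = read_u32_be(resp);
    return total_len - HEADER_LEN;   /* underflows when total_len < HEADER_LEN */
}

/* Hardened version: every bound is validated before the subtraction and
 * before touching memory. Returns payload length on success, -1 on any
 * inconsistency between the advertised length and what was actually received. */
long copy_payload_checked(const uint8_t *resp, size_t resp_len,
                          uint8_t *out, size_t out_cap) {
    if (resp_len < HEADER_LEN) return -1;          /* header not fully received */
    uint32_t total_len = read_u32_be(resp);
    if (total_len < HEADER_LEN) return -1;         /* would underflow below */
    uint32_t payload_len = total_len - HEADER_LEN; /* safe: no wrap possible now */
    if (payload_len > MAX_PAYLOAD) return -1;      /* implausible frame size */
    if (total_len > resp_len) return -1;           /* peer claims more than it sent */
    if (payload_len > out_cap) return -1;          /* destination too small */
    memcpy(out, resp + HEADER_LEN, payload_len);
    return (long)payload_len;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t FRAME_GOOD[]  = {0x00,0x00,0x00,0x0C, 0,0,0,0, 'A','B','C','D'}; /* len 12 */
static const uint8_t FRAME_SHORT[] = {0x00,0x00,0x00,0x04, 0,0,0,0};                  /* len 4 < header */
static const uint8_t FRAME_LYING[] = {0x00,0x00,0x03,0xE8, 0,0,0,0, 'A','B','C','D'}; /* len 1000, 12 sent */

int main(void) {
    uint8_t out[16];
    printf("unchecked, short frame: payload_len = %u\n",
           payload_len_unchecked(FRAME_SHORT, sizeof FRAME_SHORT));
    printf("checked,   short frame: %ld\n",
           copy_payload_checked(FRAME_SHORT, sizeof FRAME_SHORT, out, sizeof out));
    printf("checked,   lying frame: %ld\n",
           copy_payload_checked(FRAME_LYING, sizeof FRAME_LYING, out, sizeof out));
    printf("checked,   good frame:  %ld\n",
           copy_payload_checked(FRAME_GOOD, sizeof FRAME_GOOD, out, sizeof out));
    return 0;
}
```

The "lying" frame shows why checking only for underflow is not enough: a length that is large but still within the plausible maximum must also be compared against the bytes actually received, otherwise the copy reads past the end of the receive buffer.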
Credit:
Apache PLC4X would like to thank Eugene Lim for reporting this issue.
References:
https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7