[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2021-43083: Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server respon
From:       Christofer Dutz <cdutz () apache ! org>
Date:       2021-12-20 10:00:38
Message-ID: 5c63230e-b733-4b15-1f5a-e885929bf474 () apache ! org
[Download RAW message or body]

Description:

Apache PLC4X - PLC4C (Only the C language implementation was effected) was =
vulnerable to an unsigned integer underflow flaw inside the tcp transport. =
Users should update to 0.9.1, which addresses this issue.

However, in order to exploit this vulnerability, a user would have to =
actively connect to a mallicious device which could send a response with =
invalid content. Currently we consider the probability of this being =
exploited as quite minimal, however this could change in the future, =
especially with the industrial networks growing more and more together.

Credit:

Apache PLC4X would like to thank Eugene Lim for reporting this issue.

References:

https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7

[prev in list] [next in list] [prev in thread] [next in thread]