CVE-2018-10238
Last modified
CVE-2018-10238 is a vulnerability of currently unknown severity. bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. EPSS estimates a 1.66% chance of exploitation in the next 30 days.
Description
bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu() which copies the content from the request into a local in the bvlc_bdt_forward_npdu() stack frame and clobbers the canary. The attack vector is: A BACnet/IP device with BBMD enabled based on this library connected to IP network. The fixed version is: 0.8.6.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Bacnet Protocol Stack Project | Bacnet Protocol Stack | 0.8.5 |
References
- https://sourceforge.net/p/bacnet/code/3168/Patch, Third Party Advisory
- https://sourceforge.net/p/bacnet/code/3168/Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-10238?
How severe is CVE-2018-10238?
How do I fix CVE-2018-10238?
Are you affected by CVE-2018-10238?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST