CVE-2016-8596

CRITICAL

libcsp < 1.4 - Buffer Overflow via Long CSP Packet

Title source: llm
STIX 2.1

Description

Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://github.com/GomSpace/libcsp/pull/80
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94226

Scores

CVSS v3 9.8
EPSS 0.0226
EPSS Percentile 80.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
libcsp/libcsp < 1.4
Published Oct 28, 2016
Tracked Since Feb 18, 2026