CVE-2016-8597

CRITICAL

libcsp < 1.4 - Buffer Overflow via Crafted SFP Packets

Title source: llm
STIX 2.1

Description

Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://github.com/GomSpace/libcsp/pull/80
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94226

Scores

CVSS v3 9.8
EPSS 0.0226
EPSS Percentile 80.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
libcsp/libcsp < 1.4
Published Oct 28, 2016
Tracked Since Feb 18, 2026