CVE-2018-10238
CRITICAL
skarg BACnet Protocol Stack <0.9.1, 0.8.5 - Buffer Overflow
Title source: llm
Description
bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a buffer overflow caused by a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu(), which copies the content from the request into a local variable in the bvlc_bdt_forward_npdu() stack frame and clobbers the stack canary. The attack vector is a BACnet/IP device, based on this library and with BBMD enabled, connected to an IP network. The fixed version is 0.8.6.
References (3)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://sourceforge.net/p/bacnet/code/3168/
Product x_refsource_confirm
https://sourceforge.net/p/bacnet/code/3169/
Product x_refsource_confirm
https://sourceforge.net/p/bacnet/bugs/55/
Scores
CVSS v3: 9.8
EPSS: 0.0166
EPSS Percentile: 73.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (1): bacnet_protocol_stack_project/bacnet_protocol_stack 0.8.5
Published: Apr 20, 2018
Tracked Since: Feb 18, 2026