CVE-2018-10238

CRITICAL

skarg BACnet Protocol Stack <0.9.1, 0.8.5 - Buffer Overflow


Description

bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a buffer overflow caused by missing packet-size validation. The affected component is the bacserv BACnet/IP BVLC forwarded NPDU handling. The function bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu(), which copies the content of the request into a local variable in the bvlc_bdt_forward_npdu() stack frame and clobbers the stack canary. The attack vector is a BACnet/IP device based on this library, with BBMD enabled, connected to an IP network. The fixed version is 0.8.6.
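The missing size check described above, shown as an added example (not code from the BACnet stack or from this advisory): a Forwarded-NPDU encoder that validates the NPDU length against the destination buffer before copying. The function names, the 64-byte demo buffer and the sample address are assumptions; the 10-octet header layout follows BACnet/IP (Annex J).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BVLL_TYPE_BACNET_IP 0x81 /* BVLC type octet */
#define BVLC_FORWARDED_NPDU 0x04 /* BVLC function code */
#define FWD_HEADER_LEN 10        /* type, function, length(2), B/IP address(6) */
#define DEMO_MAX_MPDU 64         /* assumed small buffer size for the demo */

/* Hypothetical hardened encoder. Returns bytes written, or 0 if the NPDU
 * does not fit. An unchecked version would memcpy npdu_len bytes regardless
 * of out_size, which is the class of defect the description refers to. */
size_t encode_forwarded_npdu_checked(uint8_t *out, size_t out_size,
                                     const uint8_t src_ip[4], uint16_t src_port,
                                     const uint8_t *npdu, size_t npdu_len)
{
    if (out == NULL || src_ip == NULL || (npdu == NULL && npdu_len > 0))
        return 0;
    /* Reject before copying: the header must fit and the payload must fit
     * in what remains (written this way to avoid size_t wrap-around). */
    if (out_size < FWD_HEADER_LEN || npdu_len > out_size - FWD_HEADER_LEN)
        return 0;
    size_t total = FWD_HEADER_LEN + npdu_len;
    if (total > UINT16_MAX) /* BVLC length field is 16 bits */
        return 0;

    out[0] = BVLL_TYPE_BACNET_IP;
    out[1] = BVLC_FORWARDED_NPDU;
    out[2] = (uint8_t)(total >> 8);
    out[3] = (uint8_t)(total & 0xFF);
    memcpy(&out[4], src_ip, 4);        /* originating device IP */
    out[8] = (uint8_t)(src_port >> 8); /* originating device UDP port */
    out[9] = (uint8_t)(src_port & 0xFF);
    if (npdu_len > 0)
        memcpy(&out[FWD_HEADER_LEN], npdu, npdu_len);
    return total;
}

/* Constructed caller: forwards an NPDU through a fixed-size local buffer. */
int forward_demo(size_t npdu_len)
{
    static const uint8_t ip[4] = {192, 0, 2, 10}; /* constructed address */
    uint8_t npdu[256] = {0};                      /* constructed payload */
    uint8_t mtu[DEMO_MAX_MPDU];
    if (npdu_len > sizeof npdu)
        return -1;
    size_t n = encode_forwarded_npdu_checked(mtu, sizeof mtu, ip, 47808, npdu, npdu_len);
    return n ? (int)n : -1; /* -1: packet dropped instead of overrunning mtu */
}
```

An oversized NPDU is dropped by the caller rather than written past the end of the stack buffer.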

References (3)

Patch, Third Party Advisory x_refsource_confirm
https://sourceforge.net/p/bacnet/code/3168/
Product x_refsource_confirm
https://sourceforge.net/p/bacnet/code/3169/
Product x_refsource_confirm
https://sourceforge.net/p/bacnet/bugs/55/

Scores

CVSS v3 9.8
EPSS 0.0166
EPSS Percentile 73.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
bacnet_protocol_stack_project/bacnet_protocol_stack 0.8.5
Published Apr 20, 2018
Tracked Since Feb 18, 2026