CVE-2024-45970

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45970
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45970.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45970
Published
2024-11-15T19:15:07.497Z
Modified
2025-11-20T12:28:27.714050Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message.

References

Affected packages

Git / github.com/mz-automation/libiec61850

Affected ranges

Type
GIT
Repo
https://github.com/mz-automation/libiec61850
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ac925fae8e281ac6defcd630e9dd756264e9c5bc

Affected versions

v1.*

v1.0.0
v1.0.1
v1.1
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.4.0
v1.4.1
v1.4.2
v1.4.2.1
v1.5.0
v1.5.1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 612.0,
            "function_hash": "303879781645442864602887848502166107065"
        },
        "source": "https://github.com/mz-automation/libiec61850/commit/ac925fae8e281ac6defcd630e9dd756264e9c5bc",
        "target": {
            "file": "src/mms/iso_mms/client/mms_client_files.c",
            "function": "parseFileAttributes"
        },
        "id": "CVE-2024-45970-04b7f047"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "307511949982169214882580224381524218431",
                "10328641350445122611015829559859122319",
                "156528089482707069043509408737738883259",
                "111828210124929090522473056631811100548",
                "273358915731973005143320774525099221099",
                "230418070759551756736827622160518119504",
                "107497782957833197931359675844746462970",
                "185192457619609961665369183081648911281",
                "320378584721608430663179230857407412054",
                "8812667395594147204254315660381958843",
                "126886765889216431243024891530522974235",
                "3968196394155706714010092786521046588",
                "68539940616786142789724218014687724654",
                "59604605285145441903169955632130004121",
                "122626917515786234905172914050192021898",
                "3968196394155706714010092786521046588",
                "68539940616786142789724218014687724654",
                "246967719078801949673011295946722489062",
                "277155798881339660700122737191282243666",
                "219228220688516715011591658190385254159",
                "184079847354137855071414883259699545590"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mz-automation/libiec61850/commit/ac925fae8e281ac6defcd630e9dd756264e9c5bc",
        "target": {
            "file": "src/mms/iso_mms/client/mms_client_files.c"
        },
        "id": "CVE-2024-45970-0df03da7"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1131.0,
            "function_hash": "103170009725023122214798347000222996816"
        },
        "source": "https://github.com/mz-automation/libiec61850/commit/ac925fae8e281ac6defcd630e9dd756264e9c5bc",
        "target": {
            "file": "src/mms/iso_mms/client/mms_client_files.c",
            "function": "parseDirectoryEntry"
        },
        "id": "CVE-2024-45970-818577b6"
    }
]