CVE-2019-19958

Published: Dec 24, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.

Affected (1)

Products: Mz Automation: Libiec61850

Mz Automation

1 product

Libiec61850

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mz Automation Libiec61850	Version 1.4.0

Related CWEs

CWE-681

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

https://github.com/mz-automation/libiec61850/issues/198

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/mz-automation/libiec61850/issues/198

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.