CVE-2018-18957
published 2018-11-05

CVE-2018-18957: An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.

Priority: P267 · critical · 9.8 (CVSS 3.0)
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: EPSS 11.57% (95.5th percentile)

Affected (1 range)

Vendor: mz-automation
Product: libiec61850
Version range: (not given)
Fixed in: (not given)

Detection & IOCs (extracted from sources)

Path: goose/goose_publisher.c
Command: ./goose_publisher_example crash_goosecr_stack_smash_overflow_aaaaaaaaa
Process: goose_publisher_example
Version: libiec61850 1.3
  • The overflow is triggered in Ethernet_getInterfaceMACAddress(), called from prepareGooseBuffer(), when an over-long interfaceID string is passed; monitor for stack-smashing aborts (SIGABRT) originating from goose_publisher_example or any process linked against libiec61850.
  • The vulnerable code path is reached whenever interfaceID is non-NULL; the attacker-controlled string is passed directly to Ethernet_getInterfaceMACAddress() without length validation.
  • The exploit was tested on Linux 4.15.0-38-generic; on hardened builds, stack-smashing protection (__stack_chk_fail) turns the overflow into an abort rather than silent exploitation, but the denial-of-service condition still applies.

CVSS provenance

NVD CVSS v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)