{"id":"CVE-2022-21159","details":"A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.","modified":"2026-04-11T18:44:53.676819Z","published":"2022-04-15T16:15:07.720Z","references":[{"type":"FIX","url":"https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721"},{"type":"EVIDENCE","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1467"},{"type":"EVIDENCE","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1467"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mz-automation/libiec61850","events":[{"introduced":"0"},{"last_affected":"fcefc746fea286aeaa40d2f62240216da81c85e5"},{"fixed":"cfa94cbf10302bedc779703f874ee2e8387a0721"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.5.0"}]}}],"versions":["v1.0.0","v1.0.1","v1.1","v1.2.0","v1.2.1","v1.2.2","v1.3.0","v1.4.0","v1.4.1","v1.5.0"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721","signature_type":"Line","signature_version":"v1","id":"CVE-2022-21159-6c22e527","digest":{"line_hashes":["25213957932334231058944007225823008941","67471863485973758694629299555634988998","141217303716298442094824262701757012882","23607064311548028137475690767052629718"],"threshold":0.9},"deprecated":false,"target":{"file":"src/mms/iso_presentation/iso_presentation.c"}},{"source":"https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721","signature_type":"Function","signature_version":"v1","id":"CVE-2022-21159-f6e94241","digest":{"function_hash":"30939351653663780092954731091689706048","length":1951},"deprecated":false,"target":{"function":"parseNormalModeParameters","file":"src/mms/iso_presentation/iso_presentation.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21159.json","vanir_signatures_modified":"2026-04-11T18:44:53Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}