{"id":"CVE-2024-45971","details":"Multiple buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message.","modified":"2026-04-12T10:53:12.729440Z","published":"2024-11-15T19:15:07.577Z","references":[{"type":"ADVISORY","url":"https://encs.eu/news/critical-security-vulnerabilities-discovered-in-mz-automations-mms-client/"},{"type":"FIX","url":"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mz-automation/libiec61850","events":[{"introduced":"0"},{"fixed":"519b0208cc79d1af09d5ca40fb9ad1fd93822e93"},{"fixed":"1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.6.0"}]}}],"versions":["v1.0.0","v1.0.1","v1.1","v1.2.0","v1.2.1","v1.2.2","v1.3.0","v1.4.0","v1.4.1"],"database_specific":{"vanir_signatures_modified":"2026-04-12T10:53:12Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45971.json","vanir_signatures":[{"source":"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0","signature_version":"v1","signature_type":"Line","id":"CVE-2024-45971-32a406e4","digest":{"threshold":0.9,"line_hashes":["281431286333535797317477544312974255396","68352113068859478123642283486340240581","58488026240558958561061791146813901589","303227863073996477443683468409786859621","296980235403334324139561917004772522859","102100482162084322528626897048591309093","158855990745641449054434118563778651199","256713071504589936774221367567555489992","191283594807220857384926071069487935160","62891261184403133220326882490932068307","324041916989801785132050239194258833529","316466421945169194066543900681011132063"]},"deprecated":false,"target":{"file":"src/mms/iso_mms/client/mms_client_identify.c"}},{"source"
:"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0","signature_version":"v1","signature_type":"Function","id":"CVE-2024-45971-3d4ff0d2","digest":{"function_hash":"247510448608299098268447783819171180873","length":1092},"deprecated":false,"target":{"function":"mmsClient_parseIdentifyResponse","file":"src/mms/iso_mms/client/mms_client_identify.c"}},{"source":"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0","signature_version":"v1","signature_type":"Function","id":"CVE-2024-45971-6d8b1b1d","digest":{"function_hash":"190523234508680924781892074700584755075","length":4680},"deprecated":false,"target":{"function":"mmsListObjectsAccessHandler","file":"src/iec61850/server/mms_mapping/mms_mapping.c"}},{"source":"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0","signature_version":"v1","signature_type":"Function","id":"CVE-2024-45971-89141fed","digest":{"function_hash":"160758494718919536462209571739816541390","length":3595},"deprecated":false,"target":{"function":"createNamedVariableList","file":"src/mms/iso_mms/server/mms_named_variable_list_service.c"}},{"source":"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0","signature_version":"v1","signature_type":"Line","id":"CVE-2024-45971-bd309881","digest":{"threshold":0.9,"line_hashes":["140653448836466185895301013427014903819","60506659648588106881183143860075027476","282494016193523964188626783701663780775","49021832616718029072046934699159946396","262621669241396966009874113528020820900","40747152241652690366603864626319762620","293786451492287877550728868738553476014","282494016193523964188626783701663780775","49021832616718029072046934699159946396","262621669241396966009874113528020820900","197765132649731033161625386878719034172","89976421816588809466690327585262615636","313035832277969079057715448640673343553","2371333204378586105797965447380421
19817","146332623886857284083948473245931820771","162930312994679493457637214403297892924","295920625043220291579091836584808480703","203582710440809581204638441010246926506","164726394261759559853059388351398466723","161897420356974111907432791812344799348","137687307002449436311660453132744412824","215606665069256844632466586289695473179","146332623886857284083948473245931820771","162930312994679493457637214403297892924","295920625043220291579091836584808480703","169531843312867708755477649100306367874","314766670654084691246523154076265624034","216123780613264000132125613248848410927","142910137319352429424631739328662925879","215606665069256844632466586289695473179","46321484995193383147451730426559179777","202934087545930401803983408208515759895","141376062309704927296055086780378351217","166357067835277723133374145552659712449"]},"deprecated":false,"target":{"file":"src/iec61850/server/mms_mapping/mms_mapping.c"}},{"source":"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0","signature_version":"v1","signature_type":"Function","id":"CVE-2024-45971-cfe70e61","digest":{"function_hash":"333217710857020059136305845642680322839","length":4898},"deprecated":false,"target":{"function":"mmsServer_handleDefineNamedVariableListRequest","file":"src/mms/iso_mms/server/mms_named_variable_list_service.c"}},{"source":"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0","signature_version":"v1","signature_type":"Line","id":"CVE-2024-45971-d8df1b08","digest":{"threshold":0.9,"line_hashes":["244226721910828996452586228895752241363","274646295158342511956340055650091828188","304090148214378639357270917171257333684","186916336217910864014370146527177238836","237737296416536506193652079264703828104","37719067095870932902229531731905446132","120518408613621116876515816539998286657","44297929391901730700109209204317204574","63713772956685484115540183230569524832","81089077244382362860037445045340095
528","323523295893563591594106612590655768823","23015384179081997972987110365956927288","54541511574280938275425675467983693318","310219802020691800676069208385866359387","240010528964265563809514422676174746644","171639292810383086596867420179212328833","210926073556239659973472844118232069851","66618127478037196719706009874393920174","16650003031675894194829825557633394395","322326646121034293105609219913951584291","43646024339147016662824019922026923190","229122192829202552155823381055575732819","193184881739007605341291028171407163600","92757713695469893070959297671339909752","75032964110603694551930153832945807639","113869514890064343745861983742419599807","208975193708238083326809693826678591103","229122192829202552155823381055575732819","287048535624885616975008262316586477897","271783947753097318100078424317525997227","126705001005683531931669780243971649698","282750284446037647455079270893717065535","188707376583974307915808189410103923495","330192410889471129291518964403833225234","196304937000100686044473195919552628960","4200606520291833290701615030956146630","162678419565129577443774163872078271521","119553495767710763117076229235532863639","309069934318684852521381972953762055754","190320164119845684557697411135938179798","210819252844281485219700629356518196997","227596901842969689096926003591405398940","238143641274648187238239807474388056373","293327742656360665422873995178780352839","316582257755924700247399687621966745754","228183100130931932537148481735813989031","188455002138144066573166686674753540009","291856380538944243363126816737773539743","246986671022672798226052920013531675132","88162879147389512544312471897102752341"]},"deprecated":false,"target":{"file":"src/mms/iso_mms/server/mms_named_variable_list_service.c"}},{"source":"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0","signature_version":"v1","signature_type":"Function","id":"CVE-2024-45971-f332d361","digest":{"function_hash":"1959772742
92975755884741893491341873092","length":2949},"deprecated":false,"target":{"function":"mmsReadAccessHandler","file":"src/iec61850/server/mms_mapping/mms_mapping.c"}},{"source":"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0","signature_version":"v1","signature_type":"Function","id":"CVE-2024-45971-f49f7010","digest":{"function_hash":"294010767136154457031361094560001797743","length":3912},"deprecated":false,"target":{"function":"mmsServer_handleGetNamedVariableListAttributesRequest","file":"src/mms/iso_mms/server/mms_named_variable_list_service.c"}},{"source":"https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0","signature_version":"v1","signature_type":"Line","id":"CVE-2024-45971-f8792253","digest":{"threshold":0.9,"line_hashes":["301783487095839423571639753051099869965","138962995383325682824388601894617609372","100771332100565822959018929578620688754"]},"deprecated":false,"target":{"file":"src/common/inc/string_utilities.h"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}