CNNVD-202512-638 Information
CNNVD ID
CNNVD-202512-638
Related CVE
- CNNVD Published: 2025-12-05
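Description (translated from Chinese)
BACnet Stack is an open-source BACnet protocol stack C library for embedded systems, Linux, MacOS, BSD, and Windows. Versions of BACnet Stack prior to 1.5.0.rc2 contain a buffer error vulnerability. The vulnerability stems from the npdu_is_expected_reply function not verifying that the APDU bytes are present, which may lead to out-of-bounds reads and denial of service.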
Description (English)
BACnet Stack is an open source BACnet protocol stack C library for embedded systems, Linux, MacOS, BSD and Windows. BACnet Stack versions before 1.5.0.rc2 have a buffer error vulnerability: the npdu_is_expected_reply function does not verify that the APDU bytes are present, which may lead to an out-of-bounds read and denial of service.
Hazard Level
High
Vulnerability Type
Buffer error
Affected Vendor
BACnet Stack
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/bacnet-stack/bacnet-stack/commit/9378f7d1e70169ebde4a5090bae7603703eadf48
https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-8wgw-5h6x-qgqg
https://access.redhat.com/security/cve/cve-2025-66624
Patch
https://github.com/bacnet-stack/bacnet-stack/tags