CNNVD-202602-2214 Information
CNNVD ID
CNNVD-202602-2214
Related CVE
- CNNVD Published: 2026-02-13
Description (Chinese)
BACnet Stack是BACnet Stack开源的一个适用于嵌入式系统、Linux、MacOS、BSD 和 Windows 的 BACnet 开源协议栈 C 库。 BACnet Stack 1.5.0rc4之前版本和1.4.3rc2之前版本存在缓冲区错误漏洞,该漏洞源于处理格式错误的WriteProperty请求时可能触发长度下溢,导致越界读取和崩溃。
Description (English)
BACnet Stack is a BACnet Open Source Library C for embedded systems, Linux, MacOS, BSD and Windows. The previous version of the BACnet Stack 1.5.0rc4 and the previous version of 1.4.3rc2 had an error loophole in the buffer zone, which arose from the potential to trigger a spill in the length of the WriteProperty request when it was processed in the wrong format, leading to cross-border reading and collapse.
Vulnerability Type
缓冲区错误
Affected Vendor
BACnet Stack
Published
2026-02-13
Last Modified
2026-02-24
References
https://github.com/bacnet-stack/bacnet-stack/commit/4cc8067c86f26e2b08b2c8f4d27f8e07de4d4708 https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-phjh-v45p-gmjj
Patch
https://github.com/bacnet-stack/bacnet-stack/tags
Share on: