Submission #844566: liftoff-sr CIPster master (reproduced on 1802525be27d33e19a9a83c163e331a1d13b1892) Out-of-bounds Read/Write

Title: liftoff-sr CIPster master (reproduced on 1802525be27d33e19a9a83c163e331a1d13b1892) Out-of-bounds Read/Write
Description: CIPster master contains an API-enabled deployment reachable memory corruption issue in its generic attribute handling. In a deployment that exposes the same ByteBuf object header through both a writable/readable kCipByteArray attribute and a writable/readable kCipUdint attribute, a remote unauthenticated EtherNet/IP explicit-message client can first use SetAttributeSingle on the kCipUdint alias to overwrite the low 32 bits of ByteBuf.start while leaving ByteBuf.limit unchanged. This corrupts the shared ByteBuf metadata and expands the logical size seen by later generic handlers. A subsequent GetAttributeSingle on the kCipByteArray alias triggers an out-of-bounds read in the generic EncodeData -> BufWriter::append -> memcpy path, while a subsequent SetAttributeSingle on the same kCipByteArray alias triggers an out-of-bounds write in the generic DecodeData -> BufWriter::append -> memcpy path. The crash occurs inside CIPster core code rather than in application-specific memcpy logic. This issue is not claimed to be directly reachable in the default stock sample as shipped; it is reachable in API-enabled deployments created through CIPster's public object/attribute registration model. The demonstrated impact is unauthenticated remote process crash, with independently triggerable out-of-bounds read and out-of-bounds write primitives.
Source: https://github.com/liftoff-sr/CIPster/issues/48
User: Carnegie (UID 98671)
Submitted: 2026. 06. 01. AM 08:02 (1 month ago)
Moderation: 2026. 06. 29. AM 07:04 (28 days later)
Status: Accepted
VulDB entry: 374596 [liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4 EtherNet IP Message BufWriter::append memory corruption]
Points: 20
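
An added defensive sketch, not CIPster code and not part of the submission: it models the two conditions the description relies on (one object header registered under two attributes, and start/limit used without validation) and shows a registration-time alias check plus a bounds check before the copy. Only the names ByteBuf, start and limit come from the report; AttrRegistry, attr_register, bytebuf_in_bounds and bytebuf_read_checked are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model: only the field names start/limit come from the report. */
typedef struct { uint8_t *start; uint8_t *limit; } ByteBuf;

/* Hypothetical registry: the storage range each attribute reads and writes. */
typedef struct { int id; uintptr_t lo, hi; } AttrSlot;
typedef struct { AttrSlot slot[16]; size_t count; } AttrRegistry;

/* Register storage [data, data+len). Returns 0 on success, -1 when the table
 * is full or the range overlaps an already registered attribute (an alias). */
int attr_register(AttrRegistry *r, int id, const void *data, size_t len)
{
    uintptr_t lo = (uintptr_t)data, hi = lo + len;
    if (r->count == sizeof r->slot / sizeof r->slot[0])
        return -1;
    for (size_t i = 0; i < r->count; i++)
        if (lo < r->slot[i].hi && r->slot[i].lo < hi)
            return -1;              /* two attributes would share bytes */
    r->slot[r->count++] = (AttrSlot){ id, lo, hi };
    return 0;
}

/* 1 if start/limit still describe a span inside base[0..cap), else 0. */
int bytebuf_in_bounds(const ByteBuf *b, const uint8_t *base, size_t cap)
{
    uintptr_t s = (uintptr_t)b->start, l = (uintptr_t)b->limit;
    uintptr_t lo = (uintptr_t)base, hi = lo + cap;
    return s >= lo && l <= hi && s <= l;
}

/* Copy the buffer out only if its metadata is consistent and it fits in dst.
 * Returns the number of bytes copied, or -1 when the copy is refused. */
long bytebuf_read_checked(const ByteBuf *b, const uint8_t *base, size_t cap,
                          uint8_t *dst, size_t dst_cap)
{
    if (!bytebuf_in_bounds(b, base, cap))
        return -1;
    size_t n = (size_t)(b->limit - b->start);
    if (n > dst_cap)
        return -1;
    memcpy(dst, b->start, n);
    return (long)n;
}
```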
