CVE-2024-45971: Libiec61850 Unsafe Create String From Buffer In Buffer
Call to StringUtils_createStringFromBufferInBuffer() copies `size` bytes into a fixed-size destination buffer via an unchecked memcpy plus NUL terminator. When `size` is derived from an untrusted source (for example an MMS / BER TLV length field from a peer), this leads to a stack/heap buffer overflow (CVE-2024-45971, CWE-120). Use StringUtils_createStringFr
greprules fetch cve-2024-45971-libiec61850-unsafe-create-string-from-buffer-in-buffer --engine opengrepDescription
Call to StringUtils_createStringFromBufferInBuffer() copies `size` bytes into a fixed-size destination buffer via an unchecked memcpy plus NUL terminator. When `size` is derived from an untrusted source (for example an MMS / BER TLV length field from a peer), this leads to a stack/heap buffer overflow (CVE-2024-45971, CWE-120). Use StringUtils_createStringFr
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.