Parsers generated by BinPAC may contain out-of-bounds memory reads due to insufficient validation of field lengths. Reported by John Villamil and Chris Rohlf - Yahoo Paranoids. (CVE-2014-9586)
A DNP3 pseudo link layer length of zero may trigger an assertion or buffer over-read/overflow. Reported by Travis Emmert. (CVE-2015-1521)
Some non-zero values for the DNP3 pseudo link layer length may cause a buffer over-read/overflow. Reported by Travis Emmert. (CVE-2015-1522)We encourage users to review and install at their earliest convenience. For reporting security concerns and vulnerabilities, see: how to report a security vulnerability.
The Bro Team