Skip to content

Apache PLC4X - PLC4C (Only the C language implementation...

High severity Unreviewed Published Dec 20, 2021 to the GitHub Advisory Database • Updated Feb 1, 2023

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together.

References

Published by the National Vulnerability Database Dec 19, 2021
Published to the GitHub Advisory Database Dec 20, 2021
Last updated Feb 1, 2023

Severity

High

EPSS score

0.191%
(57th percentile)

Weaknesses

CVE ID

CVE-2021-43083

GHSA ID

GHSA-f935-qq4f-pj9f

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.