2 matches found
Buffer overflow
analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure via a crafted DNP3 packet...
CVE-2015-1522
analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service buffer overflow or buffer over-read via a crafted DNP3 packet...