漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
libais 0.15 - Out-of-bounds Vector Access in VdmStream::AddLine via Invalid Sequential Message ID
Vulnerability Description
libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对数组索引的验证不恰当
Vulnerability Title
schwehr libais 输入验证错误漏洞
Vulnerability Description
schwehr libais是schwehr个人开发者开源的一款用于解码海事自动识别系统信息的库。 schwehr libais 0.15及之前版本存在输入验证错误漏洞,该漏洞源于处理AIS句子时未检查向量索引的哨兵值,在处理空或超出范围的序列消息ID时,可能导致访问超界内存和潜在损坏。远程攻击者可通过VHF海事无线电或IP源发送特制AIVDM句子,导致服务或船舶系统崩溃。
CVSS Information
N/A
Vulnerability Type
N/A