airpig2011 IEC104 Null Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

A null pointer dereference vulnerability has been identified in airpig2011 IEC104, affecting versions through commit be6d841 (2019-07-08). This vulnerability arises when multiple threads concurrently enqueue elements using the IEC10X_PrioEnQueue function. The function may inadvertently dereference a null or already-freed queue pointer, causing a segmentation fault and a potential denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a denial-of-service condition by crashing the application.

Reproduction

To reproduce this vulnerability, compile the 'iec104_monitor' program with AddressSanitizer enabled to detect memory errors. Then run the program in client mode with 100 concurrent threads, targeting port 10000. This triggers a race condition in which concurrent enqueue operations dereference a null pointer, resulting in a segmentation fault. AddressSanitizer reports the error as a null pointer dereference in the 'IEC10X_PrioEnQueue' function.
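The defensive pattern for this bug class, as an added example that is not code from the airpig2011 IEC104 project: a hypothetical priority queue whose enqueue walks and relinks the list only while holding a mutex and rejects a null queue pointer instead of dereferencing it, plus a concurrent stress check. All names (prio_queue, prio_enqueue, concurrent_enqueue_check) are assumptions for illustration.

```c
#include <pthread.h>
#include <stdlib.h>
typedef struct prio_node { int prio; struct prio_node *next; } prio_node;
typedef struct {
    prio_node *head;
    size_t count;
    pthread_mutex_t lock;   // guards head, count and every node link
} prio_queue;

/* Returns 0 on success, -1 on a null queue or allocation failure. The list is
 * walked only under the lock: without it a second thread may free or relink the
 * node this thread is about to dereference, the fault class the advisory
 * describes for IEC10X_PrioEnQueue. Lower prio value = higher priority. */
int prio_enqueue(prio_queue *q, int prio) {
    if (q == NULL) return -1;   // reject a null queue instead of crashing
    prio_node *n = malloc(sizeof *n);
    if (n == NULL) return -1;
    n->prio = prio;
    pthread_mutex_lock(&q->lock);
    prio_node **pp = &q->head;
    while (*pp != NULL && (*pp)->prio <= prio) pp = &(*pp)->next;
    n->next = *pp;
    *pp = n;
    q->count++;
    pthread_mutex_unlock(&q->lock);
    return 0;
}
static void *worker(void *arg) {   // each worker enqueues 1000 items
    for (int i = 0; i < 1000; i++) prio_enqueue(arg, i % 8);
    return NULL;
}

/* Stress check: nthreads (1..64) threads enqueue concurrently. Returns the
 * number of linked nodes when all are kept and in priority order, else 0. */
size_t concurrent_enqueue_check(int nthreads) {
    prio_queue q = { NULL, 0 };
    pthread_t tid[64];
    if (nthreads < 1 || nthreads > 64) return 0;
    pthread_mutex_init(&q.lock, NULL);
    for (int i = 0; i < nthreads; i++) pthread_create(&tid[i], NULL, worker, &q);
    for (int i = 0; i < nthreads; i++) pthread_join(tid[i], NULL);
    size_t linked = 0;
    for (prio_node *n = q.head; n != NULL; n = n->next) {
        if (n->next != NULL && n->next->prio < n->prio) return 0;  // out of order
        linked++;
    }
    while (q.head != NULL) { prio_node *n = q.head; q.head = n->next; free(n); }
    return linked == q.count ? linked : 0;
}
```

Running the same check with the lock calls removed is the quickest way to see the corruption ASan reports: lost inserts, out-of-order nodes, or a crash.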

Added: Nov 12, 2025, 7:18 PM
Updated: Nov 12, 2025, 7:18 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact          2.5
exploitability  7.6
remediation     0.0
relevance       1.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.