Description
The BACNet Test Server is vulnerable to a denial of service (DoS) vulnerability when sending malformed BVLC Length UDP packet to port 47808 causing the application to crash.
(67c.2f34): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** WARNING: Unable to verify checksum for C:\Program Files (x86)\BACnet Interoperability Testing Services, Inc\BACnet Server\Server.exe
eax=00600000 ebx=00692000 ecx=009bd796 edx=005fee00 esi=005fec04 edi=005fed00
eip=00994313 esp=005fec04 ebp=005fed00 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010216
Server+0x34313:
00994313 8810 mov byte ptr [eax],dl ds:002b:00600000=??
0:000> d 994313 +77
0099438a cccccccc
0099438e cccccccc
00994392 cccccccc
00994396 cccccccc
0099439a cccccccc
0:000> d esp
005fec04 005ff3f8
005fec08 005ff408
005fec0c 00692000
005fec10 cccccccc
005fec14 cccccccc
004fec18 cccccccc