CVE-2026-13592: Out-of-bounds Write in liftoff-sr CIPster
A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter::append of the component EtherNet IP Message Handler. Performing a manipulation results in out-of-bounds write. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 3a0159ed43125dcd024a1965f0289cb186bae9ff. To fix this issue, it is recommended to deploy a patch.
AI Analysis
Technical Summary
This vulnerability in liftoff-sr CIPster up to commit e8e9dba09bf56962807d3504b783ccdb6287f3e4 involves an out-of-bounds write in the BufWriter::append function within the EtherNet IP Message Handler component. The issue arises from improper memory handling during message processing, enabling remote attackers to write outside intended memory bounds. The product follows a rolling release approach, so no fixed version numbers are provided. A patch commit 3a0159ed43125dcd024a1965f0289cb186bae9ff addresses the vulnerability. The CVSS 4.0 base score is 6.9, indicating medium severity with network attack vector, no privileges or user interaction required, and low to limited impact on confidentiality, integrity, and availability.
Potential Impact
The vulnerability allows remote attackers to perform out-of-bounds writes, which can lead to memory corruption. This may result in denial of service or potentially arbitrary code execution depending on the exploitation context. The CVSS score of 6.9 reflects a medium severity with network attack vector and no required privileges or user interaction. The impact on confidentiality, integrity, and availability is low to limited but still significant enough to warrant patching.
Mitigation Recommendations
A patch identified by commit 3a0159ed43125dcd024a1965f0289cb186bae9ff is recommended to fix this vulnerability. Since the product uses a rolling release model, users should update to the latest version that includes this patch. Patch status is not explicitly confirmed beyond this recommendation; therefore, users should verify with the vendor or project repository for the current remediation status and apply the patch accordingly.
CVE-2026-13592: Out-of-bounds Write in liftoff-sr CIPster
Description
A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter::append of the component EtherNet IP Message Handler. Performing a manipulation results in out-of-bounds write. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 3a0159ed43125dcd024a1965f0289cb186bae9ff. To fix this issue, it is recommended to deploy a patch.
CVSS v4.0
Score 6.9medium
Affected software
cpe:2.3:a:liftoff-sr:cipster:*:*:*:*:*:*:*:*AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in liftoff-sr CIPster up to commit e8e9dba09bf56962807d3504b783ccdb6287f3e4 involves an out-of-bounds write in the BufWriter::append function within the EtherNet IP Message Handler component. The issue arises from improper memory handling during message processing, enabling remote attackers to write outside intended memory bounds. The product follows a rolling release approach, so no fixed version numbers are provided. A patch commit 3a0159ed43125dcd024a1965f0289cb186bae9ff addresses the vulnerability. The CVSS 4.0 base score is 6.9, indicating medium severity with network attack vector, no privileges or user interaction required, and low to limited impact on confidentiality, integrity, and availability.
Potential Impact
The vulnerability allows remote attackers to perform out-of-bounds writes, which can lead to memory corruption. This may result in denial of service or potentially arbitrary code execution depending on the exploitation context. The CVSS score of 6.9 reflects a medium severity with network attack vector and no required privileges or user interaction. The impact on confidentiality, integrity, and availability is low to limited but still significant enough to warrant patching.
Mitigation Recommendations
A patch identified by commit 3a0159ed43125dcd024a1965f0289cb186bae9ff is recommended to fix this vulnerability. Since the product uses a rolling release model, users should update to the latest version that includes this patch. Patch status is not explicitly confirmed beyond this recommendation; therefore, users should verify with the vendor or project repository for the current remediation status and apply the patch accordingly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-29T05:04:24.896Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a42b42727e9c7971940f80f
Added to database: 06/29/2026, 18:06:31 UTC
Last enriched: 06/29/2026, 18:22:56 UTC
Last updated: 06/29/2026, 22:13:50 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.