CVE-2026-16013
Deferred Deferred - Pending Action

Out-of-Bounds Read in Liftoff-SR CIPster

Vulnerability report for CVE-2026-16013, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulDB

Description

A vulnerability has been found in liftoff-sr CIPster up to 632336d414ef708a542377c1aa8d6fdb7c70a760. Affected by this issue is the function CipAppPath::deserialize_symbolic of the file source/src/cip/cipepath.cc. Such manipulation leads to out-of-bounds read. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The name of the patch is 886a4d090e1c5b0475f0b1c2fe0606a8f0d6a519. A patch should be applied to remediate this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
liftoff-sr cipster to 632336d414ef708a542377c1aa8d6fdb7c70a760 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds read issue in the CIPster project, specifically in the CipAppPath::deserialize_symbolic function of the file source/src/cip/cipepath.cc. The flaw occurs when processing crafted network packets with truncated symbolic segments, causing the parser to read beyond the valid input buffer during a memcpy operation. This can lead to memory corruption and potential crashes.

Detection Guidance

To detect this vulnerability, monitor for crashes or denial of service in CIPster-based EtherNet/IP devices when processing crafted SendRRData packets with truncated symbolic segments. Use network traffic analysis tools like Wireshark to inspect incoming packets for malformed symbolic segments. Enable AddressSanitizer or similar tools during compilation to catch buffer over-reads.

Impact Analysis

The vulnerability can be exploited remotely by sending malformed EtherNet/IP packets to a vulnerable CIPster server. This may cause the server to crash or become unavailable, resulting in a denial of service. The attack does not require authentication and can be launched over a network, making it a serious risk for systems using affected CIPster versions.

Compliance Impact

This vulnerability is an out-of-bounds read in an industrial protocol stack (EtherNet/IP) that could allow remote denial of service or crashes. While not directly tied to GDPR or HIPAA, such vulnerabilities may impact compliance by exposing systems handling sensitive data to disruptions or unauthorized access risks.

Mitigation Strategies

Apply the patch from commit 886a4d090e1c5b0475f0b1c2fe0606a8f0d6a519 to replace unsafe memcpy with safer BufReader methods. Update input validation to ensure tag buffer sizes match declared symbolic lengths. Monitor for unusual network traffic targeting EtherNet/IP ports.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16013. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart