Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-36872
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-26 Nov, 2025 | 22:13
Updated At-28 Nov, 2025 | 19:22
Rejected At-
▼CVE Numbering Authority (CNA)
BACnet Test Server 1.01 Malformed BVLC Length DoS

BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service.

Affected Products
Vendor
BACnet Interoperability Test Services, Inc.
Product
BACnet Test Server
Default Status
unaffected
Versions
Affected
  • From 0 through 1.01 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Gjoko Krstic of Zero Science Lab
Timeline
EventDate
Exploit is publicly disclosed2020-06-10 16:00:00
Event: Exploit is publicly disclosed
Date: 2020-06-10 16:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5597.php
technical-description
exploit
https://www.exploit-db.com/exploits/48860
exploit
https://packetstormsecurity.com/files/159504
exploit
https://cxsecurity.com/issue/WLB-2020100045
exploit
https://www.bac-test.com/
product
https://www.vulncheck.com/advisories/bacnet-test-server-malformed-bvlc-length-dos
third-party-advisory
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5597.php
Resource:
technical-description
exploit
Hyperlink: https://www.exploit-db.com/exploits/48860
Resource:
exploit
Hyperlink: https://packetstormsecurity.com/files/159504
Resource:
exploit
Hyperlink: https://cxsecurity.com/issue/WLB-2020100045
Resource:
exploit
Hyperlink: https://www.bac-test.com/
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/bacnet-test-server-malformed-bvlc-length-dos
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found