BACnet Test Server 1.01 Malformed BVLC Length DoS

Advisories

severity: high
date: November 26, 2025
Affecting: BACnet Test Server <= 1.01
BACnet Stack v0.5.7
An affected firmware range remains undefined
CVE: CVE-2020-36872
CWE: CWE-400 Uncontrolled Resource Consumption
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References: Zero Science Lab Disclosure
ExploitDB-48860
PacketStorm-159504
CXSECurity (WLB-2020100045)
BACnet Test Server Product Site
Credit: Gjoko Krstic of Zero Science Lab
Description: BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service.