libmodbus.so is vulnerable to a heap-based buffer overflow. The vulnerability exists in the modbus_reply function in src/modbus.c because it does not check for null values early enough, which allows an attacker to cause a buffer overflow.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | libmodbus.so | le | 5.1.0 |
| | libmodbus | eq | 3.1.6-r1 |
| | libmodbus:3.16 | eq | 3.1.6-r1 |
bugzilla.redhat.com/show_bug.cgi?id=2045571
github.com/advisories/GHSA-w46r-g3fx-q46r
github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6
github.com/stephane/libmodbus/issues/614
github.com/stephane/libmodbus/releases/tag/v3.1.7
lists.debian.org/debian-lts-announce/2022/09/msg00007.html
www.libmodbus.org/download/