Description
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.
References (5)
Core 5
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc
Release Notes, Vendor Advisory x_refsource_misc
https://libmodbus.org/2019/stable-and-development-releases/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAGHQFJTJCMYHW553OUWJ3YIJR6PJHB7/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRAQZXGAZY6UGWZ6CD33QEFLL7AWW233/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/11/msg00020.html
Scores
CVSS v3
9.1
EPSS
0.0092
EPSS Percentile
76.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (4)
debian/debian_linux
9.0
fedoraproject/fedora
29
fedoraproject/fedora
30
libmodbus/libmodbus
< 3.0.7
Published
Jul 31, 2019
Tracked Since
Feb 18, 2026