CVE-2022-0367
HIGH
libmodbus < 3.1.7 - Heap-Based Buffer Overflow in modbus_reply()
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
References (5)
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/stephane/libmodbus/issues/614
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2045571
Patch, Third Party Advisory x_refsource_misc
https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/09/msg00007.html
Scores
CVSS v3: 7.8
EPSS: 0.0005
EPSS Percentile: 14.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-119, CWE-787
Status: published
Products (4)
debian/debian_linux: 10.0
fedoraproject/extra_packages_for_enterprise_linux: 7.0
fedoraproject/fedora: 35
libmodbus/libmodbus: < 3.1.7
Published: Aug 29, 2022
Tracked Since: Feb 18, 2026