CVE-2026-13590
MEDIUMseladb PcapPlusPlus Modbus Protocol ModbusLayer.h getLength heap-based overflow
Title source: cnaDescription
A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. The manipulation of the argument length results in heap-based buffer overflow. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been released to the public and may be used for attacks. The patch is identified as 4c90c3e3418a2b09dc82b7ca5775e9c1e22fe454. Applying a patch is advised to resolve this issue.
References (9)
Core 9
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-374593 | seladb PcapPlusPlus Modbus Protocol ModbusLayer.h getLength heap-based overflow
https://vuldb.com/vuln/374593
Signature, Permissions Required signature
permissions-required
VDB-374593 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/374593/cti
Third Party Advisory third-party-advisory
CVE-2026-13590 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-13590
Patch issue-tracking
patch
https://github.com/seladb/PcapPlusPlus/pull/2159
Exploit exploit
https://github.com/user-attachments/files/28249048/poc.zip
Product product
https://github.com/seladb/PcapPlusPlus/
Third Party Advisory third-party-advisory
Submit #844483 | PcapPlusPlus v25.05 Heap-based Buffer Overflow
https://vuldb.com/submit/844483
Issue Tracking issue-tracking
https://github.com/seladb/PcapPlusPlus/issues/2155
Scores
CVSS v3
5.6
EPSS
0.0039
EPSS Percentile
31.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
CWE-122
Status
published
Products (1)
seladb/PcapPlusPlus
25.05
Published
Jun 29, 2026
Tracked Since
Jun 29, 2026