Heap-Based Buffer Overflow in Libmodbus Affects Multiple Platforms
CVE-2022-0367
7.8 HIGH
What is CVE-2022-0367?
A heap-based buffer overflow vulnerability exists in the Libmodbus library, in the function modbus_reply() located in src/modbus.c. This flaw may allow a remote attacker to exploit the system through specially crafted requests, potentially leading to arbitrary code execution or denial of service. It affects various products that use Libmodbus versions prior to 3.1.6. Users and administrators are advised to update to the latest version to mitigate the risks associated with this vulnerability.
Affected Version(s)
libmodbus: fixed in v3.1.7
