Stack-Based Buffer Overflow in libmodbus Affects Users
CVE-2024-10918
4.8 MEDIUM
Key Information:
- Vendor: LIBModbus
- CVE Published: 27 February 2025
Summary
A stack-based buffer overflow in libmodbus version 3.1.10 poses a security risk by allowing an overflow of the buffer designated for Modbus responses. This vulnerability occurs when the software attempts to send a reply to a Modbus request that contains an unexpected length, potentially leading to compromised system integrity and unauthorized access. Users of affected versions should assess their configurations and apply necessary updates to mitigate the risk.
Affected Version(s)
libmodbus 0 <= 3.1.10
CVSS V3.1
- Score: 4.8
- Severity: MEDIUM
- Confidentiality: None
- Integrity: Low
- Availability: None
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Gabriele Quagliarella of Nozomi Networks found this bug during a security research activity.