CVE-2019-14462Out-of-bounds Read in Libmodbus

CWE-125Out-of-bounds Read9 documents6 sources
Severity
9.1CRITICALNVD
EPSS
0.8%
top 26.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LibmodbusDebian LibmodbusDebian Linux+1 more
Timeline
PublishedJul 31
Latest updateMay 24

Description

An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

debiandebian/libmodbus< libmodbus 3.1.6-1 (bookworm)
NVDlibmodbus/libmodbus3.1.03.1.5+1
Debianlibmodbus/libmodbus< 3.1.6-1+3

Also affects: Debian Linux 9.0, Fedora 29, 30

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-8rvx-q9m8-37qc: An issue was discovered in libmodbus before 32022-05-24
OSV
CVE-2019-14462: An issue was discovered in libmodbus before 32019-07-31

📋Vendor Advisories

3
Ubuntu
libmodbus vulnerabilities2021-12-09
Ubuntu
libmodbus vulnerabilities2021-12-06
Debian
CVE-2019-14462: libmodbus - An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There ...2019

💬Community

3
Bugzilla
CVE-2019-14462 libmodbus: out-of-bounds read in MODBUS_FC_WRITE_MULTIPLE_COILS2019-11-12
Bugzilla
CVE-2019-14462 libmodbus: out-of-bounds read in MODBUS_FC_WRITE_MULTIPLE_COILS [fedora-all]2019-11-12
Bugzilla
CVE-2019-14462 libmodbus: out-of-bounds read in MODBUS_FC_WRITE_MULTIPLE_COILS [epel-all]2019-11-12
CVE-2019-14462 — Out-of-bounds Read in Libmodbus | cvebase