CVE-2019-14463: Out-of-bounds Read in Libmodbus

Severity: 9.1 CRITICAL (NVD)
EPSS: 0.9% (top 24.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 31; Latest update May 24

Description

An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 | Impact: 5.2

Affected Packages (3 packages)

debian | debian/libmodbus | < libmodbus 3.1.6-1 (bookworm)
NVD | libmodbus/libmodbus | 3.1.0 | 3.1.5 | +1
Debian | libmodbus/libmodbus | < 3.1.6-1 | +3

Also affects: Debian Linux 9.0, Fedora 29, 30

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-p6hf-772c-jqqx: An issue was discovered in libmodbus before 3 | 2022-05-24
OSV | CVE-2019-14463: An issue was discovered in libmodbus before 3 | 2019-07-31

📋 Vendor Advisories (5)

Ubuntu | libmodbus vulnerabilities | 2021-12-09
Ubuntu | libmodbus vulnerabilities | 2021-12-06
Red Hat | tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c | 2019-10-02
Red Hat | tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c | 2019-08-18
Debian | CVE-2019-14463: libmodbus - An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There ... | 2019

💬 Community (3)

Bugzilla | CVE-2019-14463 libmodbus: out-of-bounds read in MODBUS_FC_WRITE_MULTIPLE_COILS [fedora-all] | 2019-11-12
Bugzilla | CVE-2019-14463 libmodbus: out-of-bounds read in MODBUS_FC_WRITE_MULTIPLE_COILS [epel-all] | 2019-11-12
Bugzilla | CVE-2019-14463 libmodbus: out-of-bounds read in MODBUS_FC_WRITE_MULTIPLE_COILS | 2019-11-12