CVE-2022-0367: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libmodbus

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 85.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 29

Description

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (5 packages)

debian: debian/libmodbus < libmodbus 3.1.6-2.1 (bookworm)
NVD: libmodbus/libmodbus < 3.1.7
Debian: libmodbus/libmodbus < 3.1.6-2+deb11u1+3
CVEListV5: libmodbus/libmodbus, fixed in v3.1.7

Also affects: Debian Linux 10.0, Fedora 35

Patches

Vulnerability Details (2)

GHSA: GHSA-w46r-g3fx-q46r: A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus (2022-08-29)
OSV: CVE-2022-0367: A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus (2022-08-29)

Vendor Advisories (2)

CISA: Microsoft Windows Privilege Escalation Vulnerability (2022-03-03)
Debian: CVE-2022-0367: libmodbus - A heap-based buffer overflow flaw was found in libmodbus in function modbus_repl... (2022)
CVE-2022-0367 — Libmodbus vulnerability | cvebase