ALT-PU-2024-18434-2

Package update libmodbus in branch sisyphus

Version3.1.11-alt1

Published2026-03-11

Max severityCRITICAL

Severity:

Closed issues (4)

MEDIUM4.8

Уязвимость библиотеки взаимодействия с устройствами Modbus LibModbus, связанная с переполнением буфера на стеке, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Published: 2026-03-10Modified: 2026-05-06

CVSS 3.xMEDIUM 4.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:P

References

CVE-2024-10918

CRITICAL9.8

libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c.

Published: 2024-05-01Modified: 2025-05-05

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CRITICAL9.8

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.

Published: 2025-02-27Modified: 2025-11-03

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

HIGH7.5

libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors.

Published: 2024-05-08Modified: 2025-05-05

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References