Fluid Attacks Database

Description

libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libmodbus	=3.1.6-2 \|\| >=0 <3.1.6-2+deb11u1	3.1.6-2+deb11u1
debian 12	libmodbus	>=0 <3.1.6-2.1	3.1.6-2.1
debian 13	libmodbus	>=0 <3.1.6-2.1	3.1.6-2.1
debian 14	libmodbus	>=0 <3.1.6-2.1	3.1.6-2.1

Aliases

1. CVE-2024-368442. NVD-2024-368443. OSV-DEBIAN-2024-368444. OSV-2024-368445. SECURITY-TRACKER-CVE-2024-36844

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.