Fluid Attacks Database

Description

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libmodbus	=3.1.10-1 \|\| =3.1.10-2 \|\| =3.1.11-1 \|\| =3.1.11-2 \|\| =3.1.6-2.1	-
debian 11	libmodbus	=3.1.6-2 \|\| >=0 <3.1.6-2+deb11u1	3.1.6-2+deb11u1
debian 13	libmodbus	>=0 <3.1.11-1	3.1.11-1
debian 14	libmodbus	>=0 <3.1.11-1	3.1.11-1

Aliases

1. CVE-2024-109182. NVD-2024-109183. OSV-DEBIAN-2024-109184. OSV-2024-109185. SECURITY-TRACKER-CVE-2024-10918

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.