Fluid Attacks Database

Description

An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libmodbus	=3.1.6-2 \|\| >=0 <3.1.6-2+deb11u1	3.1.6-2+deb11u1
debian 12	libmodbus	>=0 <3.1.6-2.1	3.1.6-2.1
debian 13	libmodbus	>=0 <3.1.6-2.1	3.1.6-2.1
debian 14	libmodbus	>=0 <3.1.6-2.1	3.1.6-2.1

Aliases

1. CVE-2024-368452. NVD-2024-368453. OSV-DEBIAN-2024-368454. OSV-2024-368455. SECURITY-TRACKER-CVE-2024-36845

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.