2284259 – (CVE-2024-36845) CVE-2024-36845 libmodbus: denial of service

Bug 2284259 (CVE-2024-36845) - CVE-2024-36845 libmodbus: denial of service

Summary: CVE-2024-36845 libmodbus: denial of service

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2024-36845
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2284260 2284261
Blocks:
TreeView+	depends on / blocked

Reported:	2024-06-02 14:16 UTC by ybuenos
Modified:	2024-07-17 16:23 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2024-07-17 16:23:44 UTC
Embargoed:

Attachments	(Terms of Use)

Description ybuenos 2024-06-02 14:16:17 UTC

An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

https://github.com/stephane/libmodbus/issues/750

Comment 1 ybuenos 2024-06-02 14:16:37 UTC

Created libmodbus tracking bugs for this issue:

Affects: epel-all [bug 2284260]
Affects: fedora-all [bug 2284261]

Comment 2 Eric Sandeen 2024-07-17 16:23:44 UTC

This is a duplicate of CVE-2024-36843 (and of bug #2284252), see discussion in https://github.com/stephane/libmodbus/issues/750.

The flaw is fixed in version 3.1.7 which is already present in all supported distributions, so closing NOTABUG.

Note You need to log in before you can comment on or make changes to this bug.