Source: libmodbus
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libmodbus.

CVE-2024-36843[0]:
| libmodbus v3.1.6 was discovered to contain a heap overflow via the
| modbus_mapping_free() function.

https://github.com/stephane/libmodbus/issues/748

CVE-2024-36844[1]:
| libmodbus v3.1.6 was discovered to contain a use-after-free via the
| ctx->backend pointer. This vulnerability allows attackers to cause a
| Denial of Service (DoS) via a crafted message sent to the unit-test-
| server.

https://github.com/stephane/libmodbus/issues/749

CVE-2024-36845[2]:
| An invalid pointer in the modbus_receive() function of libmodbus
| v3.1.6 allows attackers to cause a Denial of Service (DoS) via a
| crafted message sent to the unit-test-server.

https://github.com/stephane/libmodbus/issues/750

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-36843
    https://www.cve.org/CVERecord?id=CVE-2024-36843
[1] https://security-tracker.debian.org/tracker/CVE-2024-36844
    https://www.cve.org/CVERecord?id=CVE-2024-36844
[2] https://security-tracker.debian.org/tracker/CVE-2024-36845
    https://www.cve.org/CVERecord?id=CVE-2024-36845

Please adjust the affected versions in the BTS as needed.