[Bug 1223697] New: VUL-0: CVE-2023-26793: libmodbus: heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c.
https://bugzilla.suse.com/show_bug.cgi?id=1223697

            Bug ID: 1223697
           Summary: VUL-0: CVE-2023-26793: libmodbus: heap-based buffer
                    overflow vulnerability in read_io_status function in
                    src/modbus.c.
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.6
          Hardware: Other
               URL: https://smash.suse.de/issue/403923/
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: sbrabec@suse.com
          Reporter: smash_bz@suse.de
        QA Contact: security-team@suse.de
                CC: andrea.mattiazzo@suse.com
  Target Milestone: ---
          Found By: Security Response Team
           Blocker: ---

libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in
read_io_status function in src/modbus.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26793
https://www.cve.org/CVERecord?id=CVE-2023-26793
https://github.com/stephane/libmodbus/issues/683

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1223697#c1

--- Comment #1 from Andrea Mattiazzo <andrea.mattiazzo@suse.com> ---
No information upstream

Tracking as affected:
- openSUSE:Backports:SLE-15-SP5/libmodbus 3.1.10
- openSUSE:Backports:SLE-15-SP6/libmodbus 3.1.10
- openSUSE:Factory/libmodbus 3.1.10

https://bugzilla.suse.com/show_bug.cgi?id=1223697

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium

https://bugzilla.suse.com/show_bug.cgi?id=1223697#c2

Stanislav Brabec <sbrabec@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CONFIRMED

--- Comment #2 from Stanislav Brabec <sbrabec@suse.com> ---
Although the report is more than a year old, there is apparently no fix yet.

https://nvd.nist.gov/vuln/detail/CVE-2023-26793
This vulnerability is currently awaiting analysis.

https://bugzilla.suse.com/show_bug.cgi?id=1223697#c3

--- Comment #3 from Stanislav Brabec <sbrabec@suse.com> ---
Checking the upstream, there is no fix. The upstream issue has no progress.

Is it serious enough to start research? Note that we have no Modbus testing
hardware.

https://bugzilla.suse.com/show_bug.cgi?id=1223697#c4

Stanislav Brabec <sbrabec@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |IN_PROGRESS

--- Comment #4 from Stanislav Brabec <sbrabec@suse.com> ---
According to the upstream tracker, this is not a bug in the implementation but
a bug in the unit test. So the buffer overflow exists only in the test, not the
implementation.

Let's wait for confirmation from the developer, but it seems that we can ignore
that. The unit test is not part of the installed and exploitable code.

https://bugzilla.suse.com/show_bug.cgi?id=1223697#c5

Stanislav Brabec <sbrabec@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|IN_PROGRESS                 |RESOLVED

--- Comment #5 from Stanislav Brabec <sbrabec@suse.com> ---
The issue is still open in the upstream. But as the discussion explicitly shows
the buffer overflow in the reproducer unit test, I guess we can close this but
as INVALID.

https://bugzilla.suse.com/show_bug.cgi?id=1223697

SMASH SMASH <smash_bz@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|                            |CVSSv3.1:SUSE:CVE-2023-2679
                   |                            |3:9.8:(AV:N/AC:L/PR:N/UI:N/
                   |                            |S:U/C:H/I:H/A:H)
           Priority|P3 - Medium                 |P1 - Urgent

https://bugzilla.suse.com/show_bug.cgi?id=1223697

SMASH SMASH <smash_bz@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P1 - Urgent                 |P4 - Low
         Whiteboard|CVSSv3.1:SUSE:CVE-2023-2679 |CVSSv3.1:SUSE:CVE-2023-2679
                   |3:9.8:(AV:N/AC:L/PR:N/UI:N/ |3:0.0:(AV:N/AC:L/PR:N/UI:N/
                   |S:U/C:H/I:H/A:H)            |S:U/C:N/I:N/A:N)

https://bugzilla.suse.com/show_bug.cgi?id=1223697#c6

--- Comment #6 from Andrea Mattiazzo <andrea.mattiazzo@suse.com> ---
(In reply to Stanislav Brabec from comment #5)
> The issue is still open in the upstream. But as the discussion explicitly
> shows the buffer overflow in the reproducer unit test, I guess we can close
> this but as INVALID.

Agree, let's close it as INVALID.