[Bug 1225828] New: VUL-0: CVE-2024-36844: libmodbus: use-after-free via the ctx->backend pointer in modbus.c
https://bugzilla.suse.com/show_bug.cgi?id=1225828 Bug ID: 1225828 Summary: VUL-0: CVE-2024-36844: libmodbus: use-after-free via the ctx->backend pointer in modbus.c Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/408371/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: sbrabec@suse.com Reporter: smash_bz@suse.de QA Contact: security-team@suse.de CC: camila.matos@suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-36844 https://www.cve.org/CVERecord?id=CVE-2024-36844 https://github.com/stephane/libmodbus/issues/749 https://bugzilla.redhat.com/show_bug.cgi?id=2284255 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1225828 Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1225828 https://bugzilla.suse.com/show_bug.cgi?id=1225828#c2 Stanislav Brabec <sbrabec@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED --- Comment #2 from Stanislav Brabec <sbrabec@suse.com> --- Checking the upstream, there is no fix. The upstream issue has no progress. Redhat Bugzilla has no progress yet. The crash of use after free affects at least debug mode, but the problem could be deeper in the library. (The memory is freed earlier, and the crash appears in a moment when the freed contents is used.) Is it serious enough to start a research? Note that we have no Modbus testing hardware. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1225828 https://bugzilla.suse.com/show_bug.cgi?id=1225828#c3 Stanislav Brabec <sbrabec@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|CONFIRMED |RESOLVED --- Comment #3 from Stanislav Brabec <sbrabec@suse.com> --- Upstream closed the bug. Fix seems to be https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1e... All affected repositories already contain libmodbus-3.1.10, which is not affected. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com