CVE-2022-0367

NameCVE-2022-0367
DescriptionA heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3098-1
Debian Bugs1021270

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libmodbus (PTS)bullseye3.1.6-2vulnerable
bookworm3.1.6-2.1fixed
sid, trixie3.1.10-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libmodbussourcebuster3.1.4-2+deb10u2DLA-3098-1
libmodbussource(unstable)3.1.6-2.11021270

Notes

[bullseye] - libmodbus <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=2045571
https://github.com/stephane/libmodbus/issues/614
Fixed by: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
Search for package or bug name: Reporting problems