A deep heap buffer overflow vulnerability exists in modbus_mapping_free #748
Comments
CVE-2024-36843 "libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function."
Sorry, what? How is this supposed to work? The Anyway, I fail to reproduce this. In current libmodbus git master:
and in another terminal:
Output is:
You reported version
v3.1.7 is the first release containing that fix. I suggest to just close this issue. Edit: Previous reports:
libmodbus version
libmodbus v3.1.6
OS and/or distribution
Ubuntu 18
Environment
..
Description
A heap-buffer-overflow vulnerability exists in modbus_mapping_free()
Actual behavior if applicable
double free or corruption (out)
Expected behavior or suggestion
everything is normal
Steps to reproduce the behavior (commands or source code)
POC:
Poc.zip
I. ASAN
$ ./tests/unit-test-server
II. gdb
gdb ./unit-test-server
run < ./POC
libmodbus output with debug mode enabled