CVE-2019-14463

An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
libmodbuslibmodbus
𝑥
< 3.0.7
libmodbuslibmodbus
3.1.0 ≤
𝑥
< 3.1.5
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libmodbus
bullseye
3.1.6-2
fixed
jessie
no-dsa
bookworm
3.1.6-2.1
fixed
sid
3.1.10-2
fixed
trixie
3.1.10-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libmodbus
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
ignored
bionic
Fixed 3.0.6-2+deb9u1build0.18.04.1
released
xenial
Fixed 3.0.6-1ubuntu0.1~esm1
released
trusty
Fixed 3.0.5-1ubuntu0.1~esm1
released
Common Weakness Enumeration
References
https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc
https://libmodbus.org/2019/stable-and-development-releases/
https://lists.debian.org/debian-lts-announce/2021/11/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAGHQFJTJCMYHW553OUWJ3YIJR6PJHB7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRAQZXGAZY6UGWZ6CD33QEFLL7AWW233/
https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc
https://libmodbus.org/2019/stable-and-development-releases/
https://lists.debian.org/debian-lts-announce/2021/11/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAGHQFJTJCMYHW553OUWJ3YIJR6PJHB7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRAQZXGAZY6UGWZ6CD33QEFLL7AWW233/