Bug 1224062 (CVE-2024-34244) - VUL-0: CVE-2024-34244: libmodbus: buffer overflow via the modbus_write_bits function
Summary: VUL-0: CVE-2024-34244: libmodbus: buffer overflow via the modbus_write_bits f...
Status: CONFIRMED
Alias: CVE-2024-34244
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.6
Hardware: Other Other
: P3 - Medium : Major (vote)
Target Milestone: ---
Assignee: Stanislav Brabec
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/404865/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-34244:8.2:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-08 18:08 UTC by SMASH SMASH
Modified: 2024-06-11 22:20 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-05-08 18:08:09 UTC 
libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-34244
https://www.cve.org/CVERecord?id=CVE-2024-34244
https://github.com/stephane/libmodbus/issues/743
Comment 2 Stanislav Brabec 2024-05-09 18:55:28 UTC 
Upstream has no solution yet. If possible, let's wait a bit and then see. If there well be no upstream fix, we will investigate further.
Comment 3 Stanislav Brabec 2024-06-11 22:20:16 UTC 
Checking the upstream again, there is still no fix. The upstream issue has no progress.

However the report indicates exact crash line, the source of the problem could be elsewhere.

Is it serious enough to start a research? Note that we have no Modbus testing hardware.