Bug 1225828 (CVE-2024-36844) - VUL-0: CVE-2024-36844: libmodbus: use-after-free via the ctx->backend pointer in modbus.c
Summary: VUL-0: CVE-2024-36844: libmodbus: use-after-free via the ctx->backend pointer...
Status: CONFIRMED
Alias: CVE-2024-36844
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 15.6
Hardware: Other Other
Priority: P3 - Medium
Severity: Major
Target Milestone: ---
Assignee: Stanislav Brabec
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/408371/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-36844:8.2:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-06-03 11:46 UTC by SMASH SMASH
Modified: 2024-06-11 19:54 UTC (History)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Description SMASH SMASH 2024-06-03 11:46:54 UTC
libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-36844
https://www.cve.org/CVERecord?id=CVE-2024-36844
https://github.com/stephane/libmodbus/issues/749
https://bugzilla.redhat.com/show_bug.cgi?id=2284255
Comment 2 Stanislav Brabec 2024-06-11 19:54:34 UTC
Checking upstream, there is no fix. The upstream issue has no progress. Red Hat Bugzilla has no progress yet.

The use-after-free crash affects at least debug mode, but the problem could be deeper in the library. (The memory is freed earlier, and the crash appears at the moment when the freed contents are used.)

Is it serious enough to start research? Note that we have no Modbus testing hardware.