Bug 1225833 (CVE-2024-36845) - VUL-0: CVE-2024-36845: libmodbus: denial of service due to an invalid pointer in the modbus_receive() function
Summary: VUL-0: CVE-2024-36845: libmodbus: denial of service due to an invalid pointer...
Status: CONFIRMED
Alias: CVE-2024-36845
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.6
Hardware: Other Other
: P3 - Medium : Major (vote)
Target Milestone: ---
Assignee: Stanislav Brabec
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/408372/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-36845:7.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-06-03 12:26 UTC by SMASH SMASH
Modified: 2024-06-11 19:57 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-06-03 12:26:10 UTC 
An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-36845
https://www.cve.org/CVERecord?id=CVE-2024-36845
https://github.com/stephane/libmodbus/issues/750
https://bugzilla.redhat.com/show_bug.cgi?id=2284259
Comment 2 Stanislav Brabec 2024-06-11 19:57:29 UTC 
Checking the upstream, there is no fix. The upstream issue has no progress. Redhat Bugzilla has no progress yet.

According to the reporter, it seems to be array out of bound access that triggers the crash.

Is it serious enough to start a research? Note that we have no Modbus testing hardware.