VDB
CVE-2022-0367
CVE-2022-0367
PUBLISHED
CVSS 7.800000190734863 HIGH
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
EPSS 0.05% · 14.6th percentile
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.05%
14.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fedoraproject | fedora | 35 |
| fedoraproject | extra_packages_for_enterprise_linux | 7.0 |
| n/a | libmodbus | * |
| debian | debian_linux | 10.0 |
| libmodbus | libmodbus | 0 |
Timeline
- Aug 29, 2022 CVE Published
- Aug 30, 2022 EPSS Score
- Sep 30, 2022 CVE Updated
- Oct 14, 2022 EPSS Score
- Nov 29, 2022 EPSS Score
- Jan 13, 2023 EPSS Score
- Feb 28, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 14, 2023 EPSS Score
- May 29, 2023 EPSS Score
- Jul 14, 2023 EPSS Score
- Aug 28, 2023 EPSS Score
References
- https://github.com/stephane/libmodbus/issues/614 url
- https://bugzilla.redhat.com/show_bug.cgi?id=2045571 url
- https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 url
- [debian-lts-announce] 20220904 [SECURITY] [DLA 3098-1] libmodbus security update mailing-list
- https://lists.debian.org/debian-lts-announce/2025/03/msg00010.html url
- https://nvd.nist.gov/vuln/detail/CVE-2022-0367 advisory