VulnerableCode Package Details - pkg:deb/debian/libmodbus@3.1.6-2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/libmodbus@3.1.6-2

Essentials
History (7)

purl	pkg:deb/debian/libmodbus@3.1.6-2

Next non-vulnerable version	3.1.11-2
Latest non-vulnerable version	3.1.11-2
Risk	3.4

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-4yj7-j39a-83fj Aliases: CVE-2024-36843	libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.	3.1.6-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-krjy-2pp7-tkgb Aliases: CVE-2022-0367	A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.	3.1.6-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ner3-brvk-juh9 Aliases: CVE-2024-36844	libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.	3.1.6-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-xxkr-7qxj-9ue8 Aliases: CVE-2024-36845	An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.	3.1.6-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-zz4q-y4j9-uyf5 Aliases: CVE-2024-10918	Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.	3.1.6-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.1.11-2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-hyyh-6bs1-77ag	An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.	CVE-2019-14462
VCID-kmdt-9zjk-9ufx	An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.	CVE-2019-14463

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T10:28:01.824520+00:00	Debian Oval Importer	Affected by	VCID-zz4q-y4j9-uyf5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T10:08:33.603860+00:00	Debian Oval Importer	Affected by	VCID-4yj7-j39a-83fj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T07:18:23.080108+00:00	Debian Oval Importer	Affected by	VCID-ner3-brvk-juh9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T06:49:36.226069+00:00	Debian Oval Importer	Affected by	VCID-xxkr-7qxj-9ue8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T04:57:48.832363+00:00	Debian Oval Importer	Affected by	VCID-krjy-2pp7-tkgb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T03:53:28.533562+00:00	Debian Oval Importer	Fixing	VCID-kmdt-9zjk-9ufx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T02:28:45.036196+00:00	Debian Oval Importer	Fixing	VCID-hyyh-6bs1-77ag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0