There are 3 open security issues in bullseye.
1 important issue:
- CVE-2024-34244: libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors.
2 issues left for the package maintainer to handle:
- CVE-2022-0367 (needs triaging): A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
- CVE-2023-26793 (needs triaging): libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c.
You can find information about how to handle these issues in the security team's documentation.