Cyber Posture

CVE-2024-10918

Medium

Published: 27 February 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score: 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
EPSS Score: 0.0009 (25.7th percentile)
Risk Priority: 10 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

Stack-based buffer overflow vulnerability in libmodbus v3.1.10: the buffer allocated for the Modbus response can be overflowed if the function tries to reply to a Modbus request with an unexpected length.

Security Summary

CVE-2024-10918, published on 2025-02-27, is a stack-based buffer overflow vulnerability in libmodbus version 3.1.10. The flaw allows the buffer allocated for a Modbus response to be overflowed when the function attempts to reply to a Modbus request with an unexpected length. It is classified under CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).

The vulnerability carries a CVSS v3.1 base score of 4.8 (Medium), with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L. It is reachable over the network without authentication or user interaction, but exploitation requires high attack complexity. A successful attack has limited impact on integrity and availability, such as partial denial of service or minor data tampering, and no impact on confidentiality.

Advisories providing details on mitigations and patches are available from Nozomi Networks at https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-10918 and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/03/msg00010.html. Security practitioners should consult these sources for system-specific remediation guidance.

Details

CWE(s)
CWE-121, CWE-787

Affected Products

libmodbus, version 3.1.10
