stephane.libmodbus is vulnerable to Buffer Overflow
70
High Risk
Affected versions of this package are vulnerable to a buffer overflow caused by improper validation of socket file descriptor values when using the FD_SET macro. When a TCP connection is accepted with a file descriptor greater than or equal to FD_SETSIZE, FD_SET writes past the bounds of the fd_set structure, resulting in memory corruption or application crashes. An attacker can trigger this condition by exhausting available file descriptors so that newly accepted connections receive high-numbered descriptors, leading to a denial of service or potential memory corruption. The issue is fixed by validating file descriptor values and rejecting descriptors exceeding FD_SETSIZE before invoking FD_SET.
You are affected if you are using a version that falls within the vulnerable range.
stephane.libmodbus is vulnerable to Buffer Overflow in versions 0.0.1 - 3.1.11.
Upgrade the stephane.libmodbus library to a patched version.
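The check described above (reject a descriptor outside the fd_set range before calling FD_SET), as an added example that is not libmodbus code. The helper names track_client and count_rejected are hypothetical, and the descriptor numbers are constructed sample values standing in for accept() results.

```c
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper (not a libmodbus API): add an accepted descriptor to
 * the select() reference set only if it fits inside fd_set.
 * Returns 0 when tracked, -1 when the caller must close and drop it. */
static int track_client(int newfd, fd_set *refset, int *fdmax)
{
    /* FD_SET indexes a fixed bitmap of FD_SETSIZE bits; a descriptor
     * outside [0, FD_SETSIZE) would write outside the structure. */
    if (newfd < 0 || newfd >= FD_SETSIZE)
        return -1;

    FD_SET(newfd, refset);
    if (newfd > *fdmax)
        *fdmax = newfd;
    return 0;
}

/* Feed a batch of descriptor numbers through the check and count rejects. */
static int count_rejected(const int *fds, int n, fd_set *refset, int *fdmax)
{
    int rejected = 0;
    for (int i = 0; i < n; i++) {
        if (track_client(fds[i], refset, fdmax) != 0) {
            /* A real server would close(fds[i]) here and log the event. */
            rejected++;
        }
    }
    return rejected;
}

int main(void)
{
    /* Constructed values: the last three model descriptors handed out when
     * the process is near its limit, or a failed accept(). */
    int fds[] = { 4, 5, FD_SETSIZE - 1, FD_SETSIZE, FD_SETSIZE + 200, -1 };
    fd_set refset;
    int fdmax = 0;

    FD_ZERO(&refset);
    int rejected = count_rejected(fds, 6, &refset, &fdmax);
    printf("rejected=%d fdmax=%d\n", rejected, fdmax);
    return 0;
}
```

Servers that must handle more than FD_SETSIZE descriptors need poll() or epoll instead of select(); the range check only keeps select()-based code from corrupting memory.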