libmodbus CVE Vulnerabilities & Metrics

Focus on libmodbus vulnerabilities and metrics.

Last updated: 18 May 2025, 22:25 UTC

About libmodbus Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with libmodbus. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total libmodbus CVEs: 9
Earliest CVE date: 31 Jul 2019, 23:15 UTC
Latest CVE date: 27 Feb 2025, 12:15 UTC

Latest CVE reference: CVE-2024-10918

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical libmodbus CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.42

Max CVSS: 6.4

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	7
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS libmodbus CVEs

These are the five CVEs with the highest CVSS scores for libmodbus, sorted by severity first and recency.

CVE-2019-14463 libmodbus Published on 31 Jul 2019, 23:15 UTC (CVSS: 6.4)
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.
CVE-2019-14462 libmodbus Published on 31 Jul 2019, 23:15 UTC (CVSS: 6.4)
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.
CVE-2024-10918 libmodbus Published on 27 Feb 2025, 12:15 UTC (CVSS: 0)
Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.
CVE-2024-36845 libmodbus Published on 31 May 2024, 20:15 UTC (CVSS: 0)
An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
CVE-2024-36844 libmodbus Published on 31 May 2024, 20:15 UTC (CVSS: 0)
libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

All CVEs for libmodbus

CVE-2024-10918 libmodbus vulnerability CVSS: 0 27 Feb 2025, 12:15 UTC

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.

CVE-2024-36845 libmodbus vulnerability CVSS: 0 31 May 2024, 20:15 UTC

An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

CVE-2024-36844 libmodbus vulnerability CVSS: 0 31 May 2024, 20:15 UTC

libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

CVE-2024-36843 libmodbus vulnerability CVSS: 0 31 May 2024, 20:15 UTC

libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.

CVE-2024-34244 libmodbus vulnerability CVSS: 0 08 May 2024, 17:15 UTC

libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors.

CVE-2023-26793 libmodbus vulnerability CVSS: 0 01 May 2024, 19:15 UTC

libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c.

CVE-2022-0367 libmodbus vulnerability CVSS: 0 29 Aug 2022, 15:15 UTC

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

CVE-2019-14463 libmodbus vulnerability CVSS: 6.4 31 Jul 2019, 23:15 UTC

An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.

CVE-2019-14462 libmodbus vulnerability CVSS: 6.4 31 Jul 2019, 23:15 UTC

An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.