Primary

Context

SILA Embedded Solutions freemodbus Infinite Loop Vulnerability in LINUXTCP Demo

Vulnerability

A denial-of-service vulnerability has been identified in SILA Embedded Solutions freemodbus version 2018-09-12. The issue arises in the demo/LINUXTCP implementation, where attackers can cause the server to enter an infinite loop by sending a packet with a crafted length value. This vulnerability affects the LINUXTCP server component on Ubuntu 20.04.6 LTS.

Impact

Exploitation of this vulnerability leads to an infinite loop, causing the application to hang and become unresponsive.

Reproduction

The vulnerability can be reproduced by compiling freemodbus version 2018-09-12 with AddressSanitizer enabled, and then running the server. After the server is started, a message with a crafted length value must be sent, which will trigger the infinite loop. This can be done by typing 'e' and pressing Enter, followed by sending the crafted message recorded in the log file.

Added: Aug 14, 2025, 6:56 PM

Updated: Aug 14, 2025, 9:06 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SILA Embedded Solutions freemodbus Infinite Loop Vulnerability in LINUXTCP Demo

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating