Back to overview

CVE-2026-13590

MEDIUM
5.6
CVSS 3.1
Description
A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. The manipulation of the argument length results in heap-based buffer overflow. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been released to the public and may be used for attacks. The patch is identified as 4c90c3e3418a2b09dc82b7ca5775e9c1e22fe454. Applying a patch is advised to resolve this issue.

Metadata

CVE ID
CVE-2026-13590
State
PUBLISHED
Assigner
VulDB
Reserved
2026-06-29 04:25 UTC
Published
2026-06-29 16:45 UTC
Last updated
2026-06-29 16:45 UTC
Primary CWE
CWE-122
Heap-based Buffer Overflow
Vendor / Product
seladb / PcapPlusPlus
Sources
cve.org  ·  NVD

Severity & Metrics

5.6 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Affected products (1)
VendorProductPlatformVersions
seladb PcapPlusPlus 25.05
Weakness (CWE)
CWESourceDescription
CWE-119 cna Memory Corruption
CWE-122 cna Heap-based Buffer Overflow
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5.6 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
5.6 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
5.1 N/D 2.0 cna AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
References (9)
Back to overview