CVE-2026-13590: Heap-based Buffer Overflow in seladb PcapPlusPlus
A heap-based buffer overflow vulnerability exists in seladb PcapPlusPlus version 25.05 within the function pcpp::ModbusLayer::getLength in the Modbus Protocol Handler component. This flaw allows remote attackers to cause memory corruption by manipulating the length argument. Exploitation is considered difficult due to high complexity, and a public exploit is available. The vulnerability has a medium severity rating with a CVSS score of 6.3. A patch has been identified but no official vendor advisory or patch release details are provided.
AI Analysis
Technical Summary
CVE-2026-13590 is a heap-based buffer overflow vulnerability in seladb PcapPlusPlus 25.05 affecting the pcpp::ModbusLayer::getLength function in Packet++/header/ModbusLayer.h. The issue arises from improper handling of the length argument, leading to memory corruption on the heap. The vulnerability can be exploited remotely without privileges or user interaction, but the attack complexity is high. A public exploit exists. A patch commit (4c90c3e3418a2b09dc82b7ca5775e9c1e22fe454) has been identified, though no official remediation level or vendor advisory is provided.
Potential Impact
Successful exploitation of this vulnerability can lead to heap-based buffer overflow, potentially causing application crashes or arbitrary code execution. The attack can be launched remotely without authentication, but requires high complexity to exploit. The presence of a public exploit increases the risk of attacks despite the difficulty.
Mitigation Recommendations
A patch has been identified (commit 4c90c3e3418a2b09dc82b7ca5775e9c1e22fe454) and applying it is advised to remediate this vulnerability. Since no official vendor advisory or patch release details are available, users should monitor the seladb PcapPlusPlus project for official updates and apply the patch promptly. Until patched, avoid processing untrusted Modbus protocol data with the affected version.
CVE-2026-13590: Heap-based Buffer Overflow in seladb PcapPlusPlus
Description
A heap-based buffer overflow vulnerability exists in seladb PcapPlusPlus version 25.05 within the function pcpp::ModbusLayer::getLength in the Modbus Protocol Handler component. This flaw allows remote attackers to cause memory corruption by manipulating the length argument. Exploitation is considered difficult due to high complexity, and a public exploit is available. The vulnerability has a medium severity rating with a CVSS score of 6.3. A patch has been identified but no official vendor advisory or patch release details are provided.
CVSS v4.0
Score 6.3medium
Affected software
pkg:github/seladb/PcapPlusPluscpe:2.3:a:seladb:pcapplusplus:*:*:*:*:*:*:*:*Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-13590 is a heap-based buffer overflow vulnerability in seladb PcapPlusPlus 25.05 affecting the pcpp::ModbusLayer::getLength function in Packet++/header/ModbusLayer.h. The issue arises from improper handling of the length argument, leading to memory corruption on the heap. The vulnerability can be exploited remotely without privileges or user interaction, but the attack complexity is high. A public exploit exists. A patch commit (4c90c3e3418a2b09dc82b7ca5775e9c1e22fe454) has been identified, though no official remediation level or vendor advisory is provided.
Potential Impact
Successful exploitation of this vulnerability can lead to heap-based buffer overflow, potentially causing application crashes or arbitrary code execution. The attack can be launched remotely without authentication, but requires high complexity to exploit. The presence of a public exploit increases the risk of attacks despite the difficulty.
Mitigation Recommendations
A patch has been identified (commit 4c90c3e3418a2b09dc82b7ca5775e9c1e22fe454) and applying it is advised to remediate this vulnerability. Since no official vendor advisory or patch release details are available, users should monitor the seladb PcapPlusPlus project for official updates and apply the patch promptly. Until patched, avoid processing untrusted Modbus protocol data with the affected version.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-29T04:25:34.242Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a42a9a827e9c79719324a0e
Added to database: 06/29/2026, 17:21:44 UTC
Last enriched: 06/29/2026, 17:36:40 UTC
Last updated: 06/29/2026, 18:16:01 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.