CVE-2026-29972

Published: May 8, 2026

Modified: May 8, 2026

PUBLISHED

Description

nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from the server response to the caller-provided buffer based on the response's byte_count field before validating that byte_count matches the requested quantity. A malicious Modbus TCP server can send a response with byte_count=250 (125 registers) regardless of the requested quantity, causing up to 248 bytes of attacker-controlled data to overflow the buffer, potentially allowing remote code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/debevv/nanoMODBUS

https://github.com/debevv/nanoMODBUS/blob/master/nanomodbus.c#L580-L615

https://gist.github.com/dwilliams27/a4e26fe747c8561d608f7549804bd85f

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-29972

Description

Affected Products

References