PT-2026-39142 · Unknown · Nanomodbus
Dwilliams27 · Published 2026-05-08 · Updated 2026-05-13 · CVE-2026-29972
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
nanoMODBUS versions prior to 1.23.0
Description
A stack-based buffer overflow exists in the recv_read_registers_res() function within nanomodbus.c. This occurs when a client invokes nmbs_read_holding_registers() or nmbs_read_input_registers(): the library writes register data from the server response to the provided buffer based on the byte count field without verifying that it matches the requested quantity. A malicious Modbus TCP server can send a response with a byte count of 250, potentially overflowing the buffer with up to 248 bytes of attacker-controlled data and allowing remote code execution.
Recommendations
Update to a version later than 1.22.0.
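The missing check from the description, sketched as an added example (not nanoMODBUS code and not the project's patch): a response parser that rejects any byte count other than two bytes per requested register before it writes to the caller's buffer. Function and constant names are hypothetical, and the sample responses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration; not nanoMODBUS's API or its patch. */
enum { RR_OK = 0, RR_ERR_SHORT = -1, RR_ERR_FC = -2, RR_ERR_COUNT = -3 };

/* Response PDU for function 0x03/0x04: [fc][byte count][registers, big-endian].
 * `quantity` is what the client requested and is the capacity of `out`. */
int parse_read_registers_res(const uint8_t *pdu, size_t len, uint8_t fc,
                             uint16_t quantity, uint16_t *out) {
    if (len < 2) return RR_ERR_SHORT;
    if (pdu[0] != fc) return RR_ERR_FC;
    /* Modbus allows 1..125 registers per read; the byte count sent by the
     * server must be exactly two bytes per requested register. */
    if (quantity < 1 || quantity > 125 || (unsigned)pdu[1] != 2u * quantity)
        return RR_ERR_COUNT;
    if (len - 2 < pdu[1]) return RR_ERR_SHORT; /* declared data not all present */
    /* The loop bound comes from the request, never from the response field. */
    for (uint16_t i = 0; i < quantity; i++)
        out[i] = (uint16_t)((pdu[2 + 2 * i] << 8) | pdu[3 + 2 * i]);
    return RR_OK;
}

/* Constructed case: one register requested, response claims 250 bytes. */
int demo_oversized(void) {
    uint8_t pdu[252] = {0x03, 250};
    uint16_t reg[1] = {0};
    return parse_read_registers_res(pdu, sizeof pdu, 0x03, 1, reg);
}

/* Constructed case: well-formed response carrying the value 0x1234. */
int demo_valid(void) {
    const uint8_t pdu[] = {0x03, 0x02, 0x12, 0x34};
    uint16_t reg[1] = {0};
    int rc = parse_read_registers_res(pdu, sizeof pdu, 0x03, 1, reg);
    return rc == RR_OK ? reg[0] : rc;
}

int main(void) {
    printf("oversized byte count -> %d\n", demo_oversized());
    printf("valid response       -> 0x%04x\n", (unsigned)demo_valid());
    return 0;
}
```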
Fix
RCE
Stack Overflow
Affected Products
Nanomodbus