CVE-2025-14672
Heap-Based Buffer Overflow in snap7-rs TSnap7MicroClient (Remote Exploit
Publication date: 2025-12-14
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gmg137 | snap7-rs | 1.142.1 |
| gmg137 | snap7-rs | 1.142.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-based buffer overflow in the snap7-rs library (versions up to 1.142.1), specifically in the function TSnap7MicroClient::opWriteArea in the s7_micro_client.cpp file. It occurs because the method accepts an unchecked size parameter, leading to a memcpy operation that copies more data than the allocated buffer size, causing memory corruption on the heap. This flaw can be triggered remotely without authentication, potentially allowing attackers to exploit the overflow. [1, 2]
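The defect class described above (a caller-supplied size reaching memcpy on a heap buffer without a bounds check) next to its checked form, as an added C++ illustration; this is not code from snap7 or snap7-rs, and the buffer type, function names and the 480-byte capacity are assumptions.

```cpp
// Hypothetical illustration of CWE-122 as described for opWriteArea; not the project's code.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

constexpr std::size_t kPduSize = 480;   // assumed fixed size of the heap-allocated PDU buffer

struct PduBuffer {
    std::uint8_t* data;
    std::size_t   capacity;
    explicit PduBuffer(std::size_t cap) : data(new std::uint8_t[cap]), capacity(cap) {}
    ~PduBuffer() { delete[] data; }
    PduBuffer(const PduBuffer&) = delete;
    PduBuffer& operator=(const PduBuffer&) = delete;
};

// Vulnerable pattern: `size` (and `offset`) come from the caller or the peer and are trusted.
// If offset + size exceeds the allocation, memcpy writes past the end of the heap block.
// Shown only to make the defect visible; nothing below calls it.
void writeAreaUnchecked(PduBuffer& pdu, std::size_t offset, const void* src, std::size_t size) {
    std::memcpy(pdu.data + offset, src, size);
}

// Hardened form: validate offset and size against the allocation before copying, using
// subtraction so the check itself cannot wrap around, and report failure instead of corrupting memory.
bool writeAreaChecked(PduBuffer& pdu, std::size_t offset, const void* src, std::size_t size) {
    if (src == nullptr) return false;
    if (offset > pdu.capacity) return false;
    if (size > pdu.capacity - offset) return false;   // equivalent to offset + size > capacity, without overflow
    std::memcpy(pdu.data + offset, src, size);
    return true;
}

// Exercises the checked writer with a constructed payload of `size` bytes at `offset`
// and reports whether the write was accepted.
bool tryWrite(std::size_t offset, std::size_t size) {
    PduBuffer pdu(kPduSize);
    std::vector<std::uint8_t> payload(size, 0xAB);   // constructed sample data
    return writeAreaChecked(pdu, offset, payload.data(), size);
}
```

Running the checked variant under AddressSanitizer, as the detection answer below suggests, is a practical way to confirm that oversized writes are rejected rather than silently corrupting the heap.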
How can this vulnerability impact me?
The heap-based buffer overflow can compromise the confidentiality, integrity, and availability of the affected system. Since the vulnerability can be exploited remotely without authentication, attackers may execute arbitrary code, cause crashes, or disrupt service, leading to potential system compromise or denial of service. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for abnormal or unexpected calls to the vulnerable function TSnap7MicroClient::opWriteArea or the snap7-rs library's ct_write method with unusually large size parameters that could trigger a heap buffer overflow. Since the exploit involves sending crafted input remotely, network traffic analysis for suspicious packets targeting snap7-rs services may help. Additionally, fuzz testing or running the provided proof-of-concept exploit in a controlled environment can help detect if the system is vulnerable. Specific commands are not provided in the resources, but using debugging tools like AddressSanitizer (ASan) during testing or monitoring logs for crashes related to memcpy in s7_micro_client.cpp could be useful. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing or upgrading the affected snap7-rs library versions (up to 1.142.1) with a non-vulnerable version or an alternative product, as no known mitigations or patches are currently available. Restricting network access to the vulnerable service to trusted sources and monitoring for exploit attempts can reduce risk. Applying network-level protections such as firewalls or intrusion detection systems to block suspicious traffic targeting the snap7-rs service is also recommended. [2]