gmg137 snap7-rs client.rs download heap-based overflow_CVE-2025-15247

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7_rs::client::S7Client::download of the file client.rs. Such manipulation leads to heap-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2025-15247

Source VulDB

Published Dec 30, 2025 at 12:02

Modified Dec 30, 2025 at 12:53

Affected Product

Vendor gmg137

Product snap7-rs

Version 153d3e8c16decd7271e2a5b2e3da4d6f68589424

Affected Versions gmg137 snap7-rs 153d3e8c16decd7271e2a5b2e3da4d6f68589424

CWE Classification

CWE-122 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7_rs::client::S7Client::download of the file client.rs. Such manipulation leads to heap-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2025-12-30T12:02:09.529Z",
    "modified": "2025-12-30T12:53:26.556Z",
    "type": "cve",
    "title": "gmg137 snap7-rs client.rs download heap-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338637\nhttps://vuldb.com/?ctiid.338637\nhttps://gitee.com/gmg137/snap7-rs/issues/ID2H7V",
    "id": "CVE-2025-15247",
    "bulletinFamily": "",
    "cwe": [
        "CWE-122",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "gmg137 snap7-rs 153d3e8c16decd7271e2a5b2e3da4d6f68589424",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "snap7-rs",
    "version": "153d3e8c16decd7271e2a5b2e3da4d6f68589424",
    "vendor": "gmg137",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}