gmg137 snap7-rs Heap-Based Buffer Overflow Vulnerability in S7Client Download Function
Vulnerability
A heap-based buffer overflow vulnerability has been identified in gmg137 snap7-rs versions up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. The issue arises in the S7Client::download function within client.rs, where a user-controlled size parameter is improperly validated before being used in a memory copy operation. This vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability leads to a heap-based buffer overflow, allowing for potential arbitrary code execution or memory corruption.
Reproduction
The vulnerability can be reproduced by using the AddressSanitizer tool to compile a Rust program that calls the vulnerable S7Client::download function. The program should provide a crafted crash file that contains a payload exceeding the buffer length, exploiting the unchecked size parameter in the download function.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.