Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2025-1400

3.1 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 months ago

Out-of-bounds Read in libplctag library

Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-1400

Affected products

libplctag

=<2.6.3

Matching in nixpkgs

pkgs.libplctag

Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs

nixos-unstable -
- nixpkgs-unstable 2.6.4

Package maintainers

@storvik Petter Storvik <petterstorvik@gmail.com>