CVE-2025-5278
UNKNOWN
Published 2025-05-27T20:52:58.545Z
CVSS Score
V3.1: 4.4/10
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Base Score Metrics
Exploitability: N/A
Impact: N/A
Description
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
Available Exploits
No exploits available for this CVE.
Related News
Re: CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort
Posted by Simon McVittie on May 29
On Tue, 27 May 2025 at 14:43:44 -0700, Alan Coopersmith forwarded: How would an attacker trigger this? Is this only exploitable if the attacker has control over the sort key (equivalent of -k), *and* the key is passed in t…
Seclists.org
2025-05-29 09:48
Published: 2025-05-27T20:52:58.545Z
Last Modified: 2025-05-29T18:03:55.440Z