CVE-2025-13566

Name
CVE-2025-13566
Description
A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
patch https://github.com/jarun/nnn/commit/2f07ccdf21e705377862e5f9dfa31e1694979ac7
issue-tracking https://github.com/jarun/nnn/issues/2091#issue-3635886658
issue-tracking https://github.com/jarun/nnn/issues/2091#issuecomment-3547591759
signature https://vuldb.com/?ctiid.333330
vdb-entry https://vuldb.com/?id.333330
third-party-advisory https://vuldb.com/?submit.698113

Match rules

CPE URI Source package Min version Max version
nnn == 5.0 == None
nnn == 5.1 == None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
nnn edge-community 5.1-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
nnn edge-community 5.0-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
nnn 3.22-community 5.1-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
nnn 3.22-community 5.0-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable