CVE-2025-5278

Name: CVE-2025-5278
Description: A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
NVD Severity: unknown

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2025-5278
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2368764
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2025/05/27/2
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2025/05/29/1
af854a3a-2127-422b-91ae-364da2661108 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
af854a3a-2127-422b-91ae-364da2661108 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14
af854a3a-2127-422b-91ae-364da2661108 https://security-tracker.debian.org/tracker/CVE-2025-5278
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2025/05/29/2
