CVE-2025-7208

CVE-2025-7208

Name

CVE-2025-7208

Description

A vulnerability was found in 9fans plan9port up to 9da5b44. It has been classified as critical. This affects the function edump in the library /src/plan9port/src/libsec/port/x509.c. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is b3e06559475b0130a7a2fb56ac4d131d13d2012f. It is recommended to apply a patch to fix this issue.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
related	https://drive.google.com/drive/folders/1kedwNLNDiFQB2OAp7S-ZKYoF7nxfIZGO?usp=sharing
patch	https://git.9front.org/plan9front/plan9front/b3e06559475b0130a7a2fb56ac4d131d13d2012f/commit.html
issue-tracking	https://github.com/9fans/plan9port/issues/710#issuecomment-2819906648
exploit	https://github.com/user-attachments/files/19698345/plan9port_crash_1.txt
signature	https://vuldb.com/?ctiid.259053
vdb-entry	https://vuldb.com/?id.259053
third-party-advisory	https://vuldb.com/?submit.304567
third-party-advisory	https://vuldb.com/?submit.607684

Type

URI

https://drive.google.com/drive/folders/1kedwNLNDiFQB2OAp7S-ZKYoF7nxfIZGO?usp=sharing

patch

https://git.9front.org/plan9front/plan9front/b3e06559475b0130a7a2fb56ac4d131d13d2012f/commit.html

issue-tracking

https://github.com/9fans/plan9port/issues/710#issuecomment-2819906648

exploit

https://github.com/user-attachments/files/19698345/plan9port_crash_1.txt

signature

https://vuldb.com/?ctiid.259053

vdb-entry

https://vuldb.com/?id.259053

third-party-advisory

https://vuldb.com/?submit.304567

third-party-advisory

https://vuldb.com/?submit.607684

CPE URI	Source package	Min version	Max version
	plan9port	== 9da5b44	== 9da5b44
`cpe:2.3:a:9fans:plan9port::::::::`	plan9port	>= None	<= 2025-03-29

CPE URI

Source package

Min version

Max version

plan9port

== 9da5b44

cpe:2.3:a:9fans:plan9port:*:*:*:*:*:*:*:*

plan9port

>= None

<= 2025-03-29

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
plan9port	edge-community	0_git20260208-r0	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
plan9port	edge-community	0_git20241022-r1	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
plan9port	edge-community	0_git20241022-r0	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
plan9port	edge-community	0_git20240110-r0	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
plan9port	3.23-community	0_git20241022-r2	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
plan9port	3.23-community	0_git20241022-r1	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

plan9port

edge-community

0_git20260208-r0

Sören Tempel <soeren+alpine@soeren-tempel.net>

possibly vulnerable

plan9port

edge-community