4.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): LOW
Coreutils: heap buffer under-read in GNU coreutils sort via key specification
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
References
- https://access.redhat.com/security/cve/CVE-2025-5278 x_refsource_REDHAT vdb-entry
- RHBZ#2368764 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2025/05/27/2
- http://www.openwall.com/lists/oss-security/2025/05/29/1
- http://www.openwall.com/lists/oss-security/2025/05/29/2
- https://security-tracker.debian.org/tracker/CVE-2025-5278
- https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e95…
- https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e…
Affected products
- GNU Coreutils <9.8
Matching in nixpkgs

| Attribute | Description | nixos-unstable | nixpkgs-unstable |
|---|---|---|---|
| pkgs.coreutils-full | GNU Core Utilities | - | 9.7 |
| pkgs.policycoreutils | SELinux policy core utilities | - | 3.8.1 |
| pkgs.uutils-coreutils | Cross-platform Rust rewrite of the GNU coreutils | - | 0.2.2 |
| pkgs.coreutils-prefixed | GNU Core Utilities | - | 9.7 |
| pkgs.uutils-coreutils-noprefix | Cross-platform Rust rewrite of the GNU coreutils | - | 0.2.2 |
Package maintainers
- @dasJ Janne Heß <janne@hess.ooo>
- @RossComputerGuy Tristan Ross <tristan.ross@midstall.com>
- @numinit Morgan Jones <me+nixpkgs@numin.it>
- @matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
- @siraben Siraphob Phipathananunth <bensiraphob@gmail.com>