CVE-2025-29481

Source
https://cve.org/CVERecord?id=CVE-2025-29481
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-29481.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-29481
Aliases
Downstream
Published
2025-04-07T00:00:00Z
Modified
2026-07-15T01:49:02.716916403Z
Severity
  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpfobjectinitprog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/29xxx/CVE-2025-29481.json",
    "isDisputed": true,
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/libbpf/libbpf

Affected ranges

Type
GIT
Repo
https://github.com/libbpf/libbpf
Events
Database specific
{
    "cpe": "cpe:2.3:a:libbpf_project:libbpf:1.5.0:*:*:*:*:*:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "1.5.0"
        },
        {
            "last_affected": "1.5.0"
        }
    ]
}

Affected versions

1.*
1.5.0
v1.*
v1.5.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-29481.json"