CVE-2025-46714
- Source
- https://cve.org/CVERecord?id=CVE-2025-46714
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46714.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-46714
- Aliases
-
- GHSA-c5h5-54gp-xh4q
- Published
- 2025-05-22T12:27:57.002Z
- Modified
- 2026-04-10T05:28:30.756663Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_GET_SECURE_PARAM)
- Details
-
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, APIGETSECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extremely large copy into the small allocation. Version 1.15.12 fixes the issue.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46714.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-120" ] }- References
Affected packages
Git / github.com/sandboxie-plus/sandboxie
Affected versions
1.*
1.3.4
v1.*
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.12.0
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.12.5
v1.12.6
v1.12.7
v1.12.8
v1.12.9
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.13.6
v1.13.7
v1.14.0
v1.14.1
v1.14.10
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.14.7
v1.14.8
v1.14.9
v1.15.0
v1.15.1
v1.15.10
v1.15.2
v1.15.3
v1.15.4
v1.15.5
v1.15.6
v1.15.7
v1.15.8
v1.15.9
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.5
v1.4.0
v1.4.1
v1.4.2
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.1
v1.6.1a
v1.6.1b
v1.6.2b
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.8.1
v1.8.2
v1.8.2a
v1.8.3
v1.8.4
v1.9.0
v1.9.1
v1.9.3
v1.9.4
v1.9.6
v1.9.7
v1.9.8