CVE-2025-5278

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-5278

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5278.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-5278

Related

Published

2025-05-27T21:15:23Z

Modified

2025-05-29T18:56:55.538511Z

Summary

[none]

Details

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

References

Affected packages

Debian:11 / coreutils

Package

Name: coreutils
Purl: pkg:deb/debian/coreutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.32-4

8.32-4.1

9.*

9.1-1

9.4-1

9.4-2

9.4-3

9.4-3.1

9.5-1

9.6-1

9.6-2

9.7-1

9.7-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / coreutils

Package

Name: coreutils
Purl: pkg:deb/debian/coreutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.1-1

9.4-1

9.4-2

9.4-3

9.4-3.1

9.5-1

9.6-1

9.6-2

9.7-1

9.7-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / coreutils

Package

Name: coreutils
Purl: pkg:deb/debian/coreutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.1-1

9.4-1

9.4-2

9.4-3

9.4-3.1

9.5-1

9.6-1

9.6-2

9.7-1

9.7-2

Ecosystem specific

{
    "urgency": "unimportant"
}