OSV-2025-266

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tarantool/OSV-2025-266.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-266
Published
2025-04-08T00:17:06.279554Z
Modified
2026-06-30T14:50:00.447090Z
Summary
Heap-buffer-overflow in lj_buf_ruleb128
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=408513931

Crash type: Heap-buffer-overflow READ 1
Crash state:
lj_buf_ruleb128
lj_bcread
cpparser
References

Affected packages

OSS-Fuzz / tarantool

Package

Name
tarantool
Purl
pkg:generic/tarantool

Affected ranges

Type
GIT
Repo
https://github.com/tarantool/tarantool
Events

Affected versions

3.*
3.4.0
3.4.1
3.4.1-entrypoint
3.4.2
3.4.2-entrypoint
3.4.3-entrypoint
3.5.0
3.5.0-entrypoint
3.5.1
3.5.1-entrypoint
3.5.2
3.5.2-entrypoint
3.5.3-entrypoint
3.6.0
3.6.0-entrypoint
3.6.1
3.6.1-entrypoint
3.6.2
3.6.2-entrypoint
3.6.3
3.6.3-entrypoint
3.6.4-entrypoint
3.7.0
3.7.0-entrypoint
3.7.1-entrypoint
3.8.0-entrypoint

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

introduced_range
"f40901fbc98e46e0f4c276cbb51ffaf1abbbfebb:43aa0bf45ef18f76b312fabf3d3842d81a970bae"
source
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tarantool/OSV-2025-266.yaml"