OSV-2025-93

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2025-93

Published

2025-02-05T00:18:14.584575Z

Modified

2025-07-23T14:24:29.384461Z

Summary

Heap-buffer-overflow in lj_strfmt_pushvf

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=394126186

Crash type: Heap-buffer-overflow WRITE 8
Crash state:
lj_strfmt_pushvf
err_msgv
lj_err_msg

References

Affected packages

Type: GIT
Repo: https://github.com/tarantool/tarantool
Events: Introduced

8ad443de995a7800906718925ce6c9162d80c4a9

Fixed

8c7cfb1cd0b3f5ce1d5b181403f68f7aaf657d9a

3.*

3.4.0

3.4.1-entrypoint

3.5.0-entrypoint

{
    "severity": "HIGH"
}

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tarantool/OSV-2025-93.yaml"

introduced_range

"f40901fbc98e46e0f4c276cbb51ffaf1abbbfebb:43aa0bf45ef18f76b312fabf3d3842d81a970bae"

fixed_range

"d0242af36253b279f0fddd6887dfd89e679c175b:8c7cfb1cd0b3f5ce1d5b181403f68f7aaf657d9a"