- Description: A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
- Source: secalert@redhat.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 4.4
- Impact score: 2.5
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
- Severity: MEDIUM
- secalert@redhat.com: CWE-121
CVE-2025-5278: GNU Coreutils sort: Heap out-of-bounds read https://t.co/xgG69Bj6f3 Key character offsets of SIZE_MAX could induce a read of 1 byte before an allocated heap buffer. For example: 'sort +0.18446744073709551615R input' on 64-bit systems
@oss_security
28 May 2025
CVE-2025-5278 Heap Buffer Under-Read Vulnerability in GNU Coreutils Sort Utility https://t.co/NKvdBGhQSy
@VulmonFeeds
27 May 2025
CVE-2025-5278 A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated… https://t.co/RvFzwMMLv1
@CVEnew
27 May 2025