CVE-2025-5278: Heap Buffer Under-Read in Coreutils sort

Severity
4.4 MEDIUM (NVD)
EPSS
0.1% (percentile 67.60%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published 2025-05-27

Description

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read: it can compute a key start that lies before the allocated line buffer when a user runs a crafted command using the traditional key format (the obsolete origin-zero +POS1 [-POS2] key syntax, as opposed to -k). A malicious input could lead to a crash or leak sensitive data. As the CVSS vector indicates (AV:L, PR:N, UI:R), exploitation requires a local user to run sort with an attacker-influenced key specification; the realistic exposure is scripts or services that build sort arguments from untrusted input.
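The description names the bug class (a key-start computation in begfield() that can point before the line buffer) but not the mechanics. The following is an added, illustrative model written for this page; it is not coreutils source and not the upstream fix, and whether it matches the exact defect in coreutils is not asserted. It models a begfield-style routine that skips SWORD blank-separated fields and then SCHAR characters. The unsafe variant adds the caller-controlled character offset to the pointer first and clamps afterwards, so an offset near SIZE_MAX wraps to an address below the line (the addition is performed on uintptr_t here so the wrap is observable rather than undefined behaviour). The hardened variant clamps the offset against the bytes remaining before adding. All function and parameter names are the example's own, and the sample line is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Where a key-start computation landed, relative to the line buffer.
   A negative offset means the address lies before the buffer: an
   under-read if the caller dereferences it. */
struct key_pos {
    intptr_t offset;
    bool in_bounds;
};

static bool is_blank(char c) { return c == ' ' || c == '\t'; }

/* Skip SWORD fields the way a default-separator sort key does: the blanks
   preceding a field belong to that field. Never moves past LIM. */
static const char *skip_fields(const char *ptr, const char *lim, size_t sword)
{
    while (ptr < lim && sword--) {
        while (ptr < lim && is_blank(*ptr))
            ++ptr;
        while (ptr < lim && !is_blank(*ptr))
            ++ptr;
    }
    return ptr;
}

/* Hypothetical unsafe variant: advance by SCHAR first, clamp to LIM second.
   Done on uintptr_t so the wrap is well defined and visible; with real
   pointer arithmetic the same wrap is undefined behaviour and the compiler
   may assume it cannot happen. */
static struct key_pos key_begin_unsafe(const char *line, size_t len,
                                       size_t sword, size_t schar)
{
    const char *lim = line + len;
    const char *ptr = skip_fields(line, lim, sword);

    uintptr_t advanced = (uintptr_t)ptr + schar;        /* may wrap below line */
    uintptr_t chosen = MIN((uintptr_t)lim, advanced);    /* clamp comes too late */

    struct key_pos r;
    r.offset = (intptr_t)chosen - (intptr_t)line;
    r.in_bounds = chosen >= (uintptr_t)line && chosen <= (uintptr_t)lim;
    return r;
}

/* Hardened variant: bound the offset by the bytes actually remaining, then
   advance. No intermediate value can leave [line, lim]. */
static struct key_pos key_begin_safe(const char *line, size_t len,
                                     size_t sword, size_t schar)
{
    const char *lim = line + len;
    const char *ptr = skip_fields(line, lim, sword);

    size_t room = (size_t)(lim - ptr);
    ptr += MIN(schar, room);

    struct key_pos r;
    r.offset = ptr - line;
    r.in_bounds = true;
    return r;
}

int main(void)
{
    /* Constructed sample line; the terminating NUL is not part of the data. */
    static const char line[] = "alpha beta gamma";
    size_t len = strlen(line);
    size_t huge = SIZE_MAX;   /* an offset a numeric key spec could saturate to */

    struct key_pos u = key_begin_unsafe(line, len, 0, huge);
    struct key_pos s = key_begin_safe(line, len, 0, huge);
    printf("unsafe: offset %lld in_bounds=%d\n", (long long)u.offset, u.in_bounds);
    printf("safe:   offset %lld in_bounds=%d\n", (long long)s.offset, s.in_bounds);
    return 0;
}
```

The point to take away is the ordering: clamping the resulting pointer cannot repair an addition that has already wrapped, so the bound has to be applied to the offset against the space that remains.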

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Exploitability: 1.8 | Impact: 2.5
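The vector can be checked against the displayed score. The following is an added worked example for this page, not code from the source: it parses a CVSS v3.1 base vector, weights the metrics per the v3.1 specification (Table 8 and the base-score equations in section 7), and reproduces 4.4 / MEDIUM with exploitability 1.8 and impact 2.5 for this CVE's vector. It uses the specification's integer-based Roundup rather than naive rounding, which matters at .x5 boundaries, and ignores temporal and environmental metrics; the function names are the example's own.

```c
#include <stdio.h>
#include <string.h>

struct cvss_metrics { double av, ac, pr, ui, c, i, a; int scope_changed; };
struct cvss_scores { double exploitability, impact, base; };

/* CVSS v3.1 Roundup (specification Appendix A): work in integers so that a
   value such as 4.35 becomes 4.4 without binary rounding artefacts. */
static double cvss_roundup(double x)
{
    long long int_input = (long long)(x * 100000.0 + 0.5);   /* x >= 0 here */
    if (int_input % 10000 == 0)
        return int_input / 100000.0;
    return (double)(int_input / 10000 + 1) / 10.0;
}

/* Nearest tenth, as databases display the Exploitability/Impact sub-scores. */
static double round_to_tenth(double x) { return (long long)(x * 10.0 + 0.5) / 10.0; }

/* Metric weights, CVSS v3.1 specification Table 8. PR depends on Scope. */
static double w_av(char v) { return v == 'N' ? 0.85 : v == 'A' ? 0.62 : v == 'L' ? 0.55 : 0.20; }
static double w_ac(char v) { return v == 'L' ? 0.77 : 0.44; }
static double w_pr(char v, int changed)
{
    if (v == 'N') return 0.85;
    if (v == 'L') return changed ? 0.68 : 0.62;
    return changed ? 0.50 : 0.27;
}
static double w_ui(char v) { return v == 'N' ? 0.85 : 0.62; }
static double w_cia(char v) { return v == 'H' ? 0.56 : v == 'L' ? 0.22 : 0.0; }

/* Parse "CVSS:3.1/AV:x/AC:x/PR:x/UI:x/S:x/C:x/I:x/A:x[/...]". Returns 0 on
   success, -1 on a bad prefix, malformed token, invalid value or a missing
   base metric. Scope is resolved before PR is weighted. */
static int cvss_parse(const char *vector, struct cvss_metrics *out)
{
    char av = 0, ac = 0, pr = 0, ui = 0, s = 0, c = 0, i = 0, a = 0;
    if (strncmp(vector, "CVSS:3.1/", 9) != 0 && strncmp(vector, "CVSS:3.0/", 9) != 0)
        return -1;
    for (const char *p = vector + 9; *p; ) {
        const char *colon = strchr(p, ':');
        if (!colon || colon[1] == '\0') return -1;
        size_t klen = (size_t)(colon - p);
        char v = colon[1];
        if (klen > 3) return -1;
        if (klen == 2 && !strncmp(p, "AV", 2)) av = v;
        else if (klen == 2 && !strncmp(p, "AC", 2)) ac = v;
        else if (klen == 2 && !strncmp(p, "PR", 2)) pr = v;
        else if (klen == 2 && !strncmp(p, "UI", 2)) ui = v;
        else if (klen == 1 && *p == 'S') s = v;
        else if (klen == 1 && *p == 'C') c = v;
        else if (klen == 1 && *p == 'I') i = v;
        else if (klen == 1 && *p == 'A') a = v;
        /* temporal (E, RL, RC) and environmental metrics are ignored */
        p = colon + 2;
        if (*p == '/') ++p;
        else if (*p != '\0') return -1;
    }
    if (!av || !ac || !pr || !ui || !s || !c || !i || !a) return -1;
    if (!strchr("NALP", av) || !strchr("LH", ac) || !strchr("NLH", pr) || !strchr("NR", ui)
        || !strchr("UC", s) || !strchr("NLH", c) || !strchr("NLH", i) || !strchr("NLH", a))
        return -1;
    out->scope_changed = (s == 'C');
    out->av = w_av(av); out->ac = w_ac(ac); out->pr = w_pr(pr, out->scope_changed);
    out->ui = w_ui(ui); out->c = w_cia(c); out->i = w_cia(i); out->a = w_cia(a);
    return 0;
}

static double pow15(double x) { double r = 1.0; for (int k = 0; k < 15; ++k) r *= x; return r; }

/* Base-score equations, CVSS v3.1 specification section 7.1. */
static struct cvss_scores cvss_score(const struct cvss_metrics *m)
{
    struct cvss_scores r;
    double iss = 1.0 - (1.0 - m->c) * (1.0 - m->i) * (1.0 - m->a);
    r.impact = m->scope_changed ? 7.52 * (iss - 0.029) - 3.25 * pow15(iss - 0.02) : 6.42 * iss;
    r.exploitability = 8.22 * m->av * m->ac * m->pr * m->ui;
    if (r.impact <= 0.0) {
        r.base = 0.0;
    } else {
        double sum = r.impact + r.exploitability;
        if (m->scope_changed) sum *= 1.08;
        r.base = cvss_roundup(sum < 10.0 ? sum : 10.0);
    }
    return r;
}

static const char *cvss_severity(double base)
{
    if (base == 0.0) return "NONE";
    if (base < 4.0) return "LOW";
    if (base < 7.0) return "MEDIUM";
    if (base < 9.0) return "HIGH";
    return "CRITICAL";
}

/* Parse and score in one step; returns -1 on a malformed vector. */
static int cvss_base_score(const char *vector, struct cvss_scores *out)
{
    struct cvss_metrics m;
    if (cvss_parse(vector, &m) != 0) return -1;
    *out = cvss_score(&m);
    return 0;
}

int main(void)
{
    const char *vec = "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L";   /* this CVE's vector */
    struct cvss_scores s;
    if (cvss_base_score(vec, &s) != 0) { puts("malformed vector"); return 1; }
    printf("%s\nbase %.1f %s (exploitability %.1f, impact %.1f)\n", vec, s.base,
           cvss_severity(s.base), round_to_tenth(s.exploitability), round_to_tenth(s.impact));
    return 0;
}
```

For this vector the unrounded sub-scores are about 1.835 and 2.514; their sum 4.349 rounds up to 4.4, which is why the displayed one-decimal sub-scores (1.8 and 2.5) do not add up to the base score.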

🔴Vulnerability Details

OSV: CVE-2025-5278: A flaw was found in GNU Coreutils (2025-05-27)
GHSA: GHSA-ch64-4x3c-w3jq: A flaw was found in GNU Coreutils (2025-05-27)

📋Vendor Advisories

Red Hat: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification (2025-05-27)
Debian: CVE-2025-5278: coreutils - A flaw was found in GNU Coreutils. The sort utility's begfield() function is vul... (2025)