PT-2025-19901 · Finit+1
Aanderse · Published 2025-05-06 · Updated 2025-05-06 · CVE-2025-32022
CVSS v3.1: 4.6 Medium
Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Finit versions 4.2 through 4.11
Description
Finit's urandom plugin has a heap buffer overwrite vulnerability at boot, which can lead to random instabilities and undefined behavior. The urandom plugin is enabled by default.
Recommendations
For Finit versions 4.2 through 4.11, disable the urandom plugin in the call to the configure script as a temporary workaround.
Upgrade to Finit 4.12 to fully resolve the issue.
Exploit
Fix
Memory Corruption
Affected Products
Debian
Finit