CVE-2025-5278

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions GNU Coreutils (affected versions not specified)

Description A flaw was found in the sort utility's begfield() function, which is vulnerable to a heap buffer under-read. This issue may cause the program to access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

BDU:2025-10950

CVE-2025-5278

ECHO-D009-FB3C-DD57

MGASA-2025-0172

OESA-2025-1637

OPENSUSE-SU-2025:15327-1

SUSE-SU-2025:02353-1

SUSE-SU-2025:02354-1

SUSE-SU-2025:02362-1

SUSE-SU-2025:20523-1

SUSE-SU-2025:20660-1

SUSE-SU-2025_02353-1

SUSE-SU-2025_02354-1

SUSE-SU-2025_02362-1

Affected Products

Debian

Gnu Coreutils

Red Os

Suse

CVE-2025-5278

Weakness Enumeration

Related Identifiers

Affected Products

References · 56