CVE Details
Basic Information
| Title | Coreutils: heap buffer under-read in gnu coreutils sort via key specification |
|---|---|
| Type | cve |
| Published | 2025-05-27T20:52:58.545Z |
| Last Seen | |
Product Information
| Vendor | Red Hat |
|---|---|
| Product | Red Hat Enterprise Linux 10 |
| Version | |
CVSS Information
| Base Score | 4.4 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | The GNU Coreutils sort utility is vulnerable to a heap buffer under-read due to a flaw in the begfield() function. This could allow an attacker to access memory outside the allocated buffer when running a crafted command with the traditional key format. The vulnerability may result in crashes or leakage of sensitive data. |
|---|---|
| AI Severity | Medium |
| Vendor | GNU Project |
| Product | GNU Coreutils |
| Affected Version | |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-121 |
| Bulletin Family | |
| Source Data | |
Description
A flaw was found in GNU Coreutils. The sort utility’s begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.