CVE-2025-5278
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access
CVSS
4.4
Medio
EPSS
0.2%
p13
KEV
—
Exploit Today
4
0-100
Publicado: 27 may 2025 · Última mod.: 15 jul 2026 · CWE-121
0.2%EPSS · 30 días0.2%
2026-06-302026-07-18
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:28911
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33124
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33313
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33612
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:34102
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:39981
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2025-5278
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2368764
- cgit.git.savannah.gnu.orghttps://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
- debbugs.gnu.orghttps://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2025/05/27/2
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2025/05/29/1
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2025/05/29/2
- cgit.git.savannah.gnu.orghttps://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
- cgit.git.savannah.gnu.orghttps://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14
- security-tracker.debian.orghttps://security-tracker.debian.org/tracker/CVE-2025-5278
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-510878.6 ALT94.0%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.14dCVE-2025-510885.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.14dCVE-2025-510855.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.14dCVE-2021-271378.1 ALT91.8%
——28An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploitation requires the DD-WRT user to enable UPnP (which is off by default, and only listens on internal interfaces by default). This occurs in ssdp_msearch (reachable by an M-SEARCH request).1dCVE-2025-606908.8 ALT89.1%
——27A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.14dCVE-2026-248818.1 ALT75.3%
——23In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.4d