CVE-2025-5278

Summary

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

Affected Software

VendorProductVersion RangeStatus
7.2 < 9.8affected
Red HatRed Hat Enterprise Linux 100:9.5-8.el10_2 < *unaffected
Red HatRed Hat Enterprise Linux 90:8.32-41.el9_8 < *unaffected
Red HatRed Hat Discovery 21782756541 < *unaffected
Red HatRed Hat Insights proxy 1.51782890503 < *unaffected
Red HatRed Hat OpenShift distributed tracing 3.10.11782501180 < *unaffected
Red HatRed Hat OpenShift distributed tracing 3.10.11782501200 < *unaffected
Red HatRed Hat OpenShift distributed tracing 3.10.11782498923 < *unaffected
Red HatRed Hat OpenShift distributed tracing 3.10.11782510941 < *unaffected
Red HatRed Hat OpenShift distributed tracing 3.10.11782501220 < *unaffected
Red HatRed Hat OpenShift distributed tracing 3.10.11782501196 < *unaffected
Red HatRed Hat OpenShift distributed tracing 3.10.11782501195 < *unaffected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow

Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References