CVE Catalog

CVE-2025-5278

MediumCVSS 4.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile - higher than 13% of all known CVEs

Summary

A flaw was found in GNU Coreutils where the sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format.

Risk Assessment

Malicious input could lead to a crash or leak sensitive data, posing a risk to system confidentiality and availability.

Recommendation

It is recommended to immediately update GNU Coreutils to the latest patched version and avoid running sort commands with untrusted input.

Original NVD description (English source)

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS