Home

Description

EN DE

A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Es wurde eine Schwachstelle in vstakhov libucl up to 0.9.2 entdeckt. Betroffen hiervon ist die Funktion ucl_include_common der Datei /src/ucl_util.c. Mittels dem Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss auf lokaler Ebene erfolgen. Der Exploit ist öffentlich verfügbar und könnte genutzt werden.

PUBLISHED Reserved 2025-09-26 | Published 2025-09-26 | Updated 2025-09-26 | Assigner VulDB




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 5.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4.3AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Heap-based Buffer Overflow

Memory Corruption

Product status

0.9.0
affected

0.9.1
affected

0.9.2
affected

Timeline

2025-09-26:Advisory disclosed
2025-09-26:VulDB entry created
2025-09-26:VulDB entry last update

Credits

ahuo (VulDB User) reporter

References

vuldb.com/?id.325953 (VDB-325953 | vstakhov libucl ucl_util.c ucl_include_common heap-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.325953 (VDB-325953 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.654068 (Submit #654068 | vstakhov libucl 0.9.2 / master commit d8af953 Heap-based Buffer Overflow) third-party-advisory

github.com/vstakhov/libucl/issues/337 issue-tracking

github.com/user-attachments/files/22317650/poc.zip exploit

cve.org (CVE-2025-11010)

nvd.nist.gov (CVE-2025-11010)

Download JSON