CVE-2025-13654

Description

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

PUBLISHED Reserved 2025-11-25 | Published 2025-12-05 | Updated 2025-12-05 | Assigner certcc

Problem types

CWE-121

Product status

References

www.kb.cert.org/vuls/id/441887

github.com/zevv/duc/releases/tag/1.4.6

kb.cert.org/vuls/id/441887

hackingbydoing.wixsite.com/...t/stack-buffer-overflow-in-duc

cve.org (CVE-2025-13654)

nvd.nist.gov (CVE-2025-13654)