CVE-2025-3409 | THREATINT

Description

A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Es wurde eine Schwachstelle in Nothings stb bis f056911 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion stb_include_string. Durch Beeinflussen des Arguments path_to_includes mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar.

Reserved 2025-04-07 | Published 2025-04-08 | Updated 2025-04-08 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

Problem types

Stack-based Buffer Overflow

Memory Corruption

Product status

f056911

affected

Timeline

2025-04-07:	Advisory disclosed
2025-04-07:	VulDB entry created
2025-04-07:	VulDB entry last update

Credits

ninpwn (VulDB User) reporter

References

vuldb.com/?id.303687 (VDB-303687 | Nothings stb stb_include_string stack-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.303687 (VDB-303687 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.544231 (Submit #544231 | Open Source STB Project (https://github.com/nothings/stb) Latest (<= commit f056911) stb_include_string Stack Buffer Overflow) third-party-advisory

cve.org (CVE-2025-3409)

nvd.nist.gov (CVE-2025-3409)

Download JSON