Description

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

PUBLISHED Reserved 2025-05-27 | Published 2025-05-27 | Updated 2026-05-19 | Assigner redhat




MEDIUM: 4.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Problem types

Stack-based Buffer Overflow

Product status

Default status
unaffected

7.2 (semver) before 9.8
affected

Default status
affected

Default status
unknown

Default status
unknown

Default status
affected

Default status
affected

Default status
affected

Timeline

2025-05-27: Reported to Red Hat.
2025-05-27: Made public.

Credits

Red Hat would like to thank Mohamed Maatallah for reporting this issue.

References

www.openwall.com/lists/oss-security/2025/05/27/2

www.openwall.com/lists/oss-security/2025/05/29/1

security-tracker.debian.org/tracker/CVE-2025-5278

cgit.git.savannah.gnu.org/...145e9596dc1a63c6ed67865814b6633

www.openwall.com/lists/oss-security/2025/05/29/2

access.redhat.com/security/cve/CVE-2025-5278 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2368764 (RHBZ#2368764) issue-tracking

debbugs.gnu.org/cgi/bugreport.cgi?bug=78507

cve.org (CVE-2025-5278)

nvd.nist.gov (CVE-2025-5278)
