Home

Description

The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.

PUBLISHED Reserved 2025-08-04 | Published 2025-08-04 | Updated 2025-08-13 | Assigner mitre




MEDIUM: 4.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Problem types

CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')

Product status

Default status
unknown

Any version
affected

References

www.openwall.com/lists/oss-security/2025/08/04/1

lists.debian.org/debian-user/2025/08/msg00076.html

packages.debian.org/trixie/stardict

packages.debian.org/trixie/stardict-gtk

bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110370

stardict-4.sourceforge.net/index_en.php

cve.org (CVE-2025-55014)

nvd.nist.gov (CVE-2025-55014)

Download JSON