CVE-2025-6499
vstakhov libucl ucl_parser.c ucl_parse_multiline_string heap-based overflow
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
vstakhov libucl ucl_parser.c ucl_parse_multiline_string heap-based overflow
A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
In vstakhov libucl bis 0.9.2 wurde eine problematische Schwachstelle entdeckt. Es geht um die Funktion ucl_parse_multiline_string der Datei src/ucl_parser.c. Mittels dem Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
| 2025-06-22: | Advisory disclosed |
| 2025-06-22: | VulDB entry created |
| 2025-06-22: | VulDB entry last update |
JJLeo (VulDB User)
vuldb.com/?id.313615 (VDB-313615 | vstakhov libucl ucl_parser.c ucl_parse_multiline_string heap-based overflow)
vuldb.com/?ctiid.313615 (VDB-313615 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.601011 (Submit #601011 | vstakhov libucl libucl 0.9.2 (commit 3e7f023) Heap-based Buffer Overflow)
github.com/vstakhov/libucl/issues/319
github.com/user-attachments/files/19825399/libucl_crash.txt
Support options
