CVE-2025-13566
LOWjarun nnn <= 5.1 - Use-After-Free in show_content_in_floating_window/run_cmd_as_plugin
Title source: llmDescription
A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue.
References (6)
Core 6
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.333330
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.333330
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.698113
Issue Tracking issue-tracking
https://github.com/jarun/nnn/issues/2091#issue-3635886658
Issue Tracking issue-tracking
https://github.com/jarun/nnn/issues/2091#issuecomment-3547591759
Scores
CVSS v3
3.3
EPSS
0.0011
EPSS Percentile
1.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
CWE-415
Status
published
Products (2)
jarun/nnn
5.0
jarun/nnn
5.1
Published
Nov 23, 2025
Tracked Since
Feb 18, 2026