CVE-2025-13654
HIGHzevv duc < 1.4.6 - Stack Buffer Overflow in buffer_get Function
Title source: llmDescription
A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.
References (5)
Core 5
Core References
Release Notes
https://github.com/zevv/duc/releases/tag/1.4.6
Exploit, Third Party Advisory
https://hackingbydoing.wixsite.com/hackingbydoing/post/stack-buffer-overflow-in-duc
Third Party Advisory
https://kb.cert.org/vuls/id/441887
Third Party Advisory
https://www.kb.cert.org/vuls/id/441887
Scores
CVSS v3
7.5
EPSS
0.0084
EPSS Percentile
52.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (1)
zevv/duc
< 1.4.6
Published
Dec 05, 2025
Tracked Since
Feb 18, 2026