CVE-2025-5278

MEDIUM

GNU Coreutils - Heap Buffer Under-Read

Title source: llm
STIX 2.1

Description

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

References (14)

Core 14
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:28911
https://access.redhat.com/errata/RHSA-2026:28911
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:33124
https://access.redhat.com/errata/RHSA-2026:33124
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:33313
https://access.redhat.com/errata/RHSA-2026:33313
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:33612
https://access.redhat.com/errata/RHSA-2026:33612
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:34102
https://access.redhat.com/errata/RHSA-2026:34102
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-5278
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2368764

Scores

CVSS v3 4.4
EPSS 0.0022
EPSS Percentile 13.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-121
Status published
Products (18)
Red Hat/Red Hat Discovery 2 1782756541
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10 0:9.5-8.el10_2
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Enterprise Linux 9 0:8.32-41.el9_8
Red Hat/Red Hat In-Vehicle Operating System 1
Red Hat/Red Hat Insights proxy 1.5 1782890503
... and 8 more
Published May 27, 2025
Tracked Since Feb 18, 2026