
oss-sec mailing list archives
Re: CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Thu, 29 May 2025 08:48:11 -0700
On 5/29/25 02:46, Simon McVittie wrote:
> On Tue, 27 May 2025 at 14:43:44 -0700, Alan Coopersmith forwarded:
>> The vulnerability is exploitable when:
>> 1. A user passes the key specification in traditional format (+0.18446744073709551615R)
>
> How would an attacker trigger this? Is this only exploitable if the attacker has control over the sort key (equivalent of -k), *and* the key is passed in to sort(1) via the traditional +POS syntax rather than the POSIX -k option?

An excellent question, but I don't know if the people who were involved in making the decision are on this list. (I wasn't, and was just passing on the information I'd found.)

https://www.cve.org/CVERecord?id=CVE-2025-5278 says that Red Hat was the CNA who issued the CVE - perhaps they have some insight?

--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
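
Whether the traditional +POS key syntax discussed above is used anywhere in your own scripts can be checked mechanically; the following audit helper is an added example, not code from this thread or from coreutils. It lists every sort invocation in a shell script that passes a key as +POS rather than -k, and marks keys whose offset is implausibly large, like the one quoted in the report. Assumptions: the names `obsolete_keys`, `scan_script` and `IMPLAUSIBLE_OFFSET` and the 2**31 threshold are hypothetical, each command sits on one line, and command substitutions inside quotes are not parsed.

```python
import os
import re
import shlex
from itertools import groupby

# Traditional key: +F[.C][OPTS], with zero-based field and character offsets.
OBSOLETE_KEY = re.compile(r"^\+(\d+)(?:\.(\d+))?([A-Za-z]*)$")
QUOTED = re.compile(r"'[^']*'" + r'|"(?:\\.|[^"\\])*"')
OPS = set("|&;()")
# Assumption: no legitimate key uses a field or character offset this large.
IMPLAUSIBLE_OFFSET = 2**31
# Constructed sample script, not taken from the thread.
SAMPLE = """sort -t: -k3,3n /etc/passwd
cut -d, -f2 data.csv | LC_ALL=C sort +1 -2 | uniq -c
sort -t '|' +0.18446744073709551615R input.txt
sort -- +1
"""


def obsolete_keys(argv):
    """Return (arg, implausible) for each +POS key given to sort in argv."""
    names = [os.path.basename(a) for a in argv]
    start = names.index("sort") + 1 if "sort" in names else len(argv)
    found = []
    for arg in argv[start:]:
        if arg == "--":  # only operands follow, so "+1" is a file name
            break
        if m := OBSOLETE_KEY.match(arg):
            offsets = [int(n) for n in m.group(1, 2) if n]
            found.append((arg, max(offsets) >= IMPLAUSIBLE_OFFSET))
    return found


def scan_script(text):
    """Return (line_no, arg, implausible) for each sort +POS use in text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        # A quoted operator (as in -t '|') must not split the command.
        line = QUOTED.sub(lambda q: "_" if set(q[0]) & OPS else q[0], line)
        lex = shlex.shlex(line, posix=True, punctuation_chars=True)
        lex.whitespace_split = True
        try:
            tokens = list(lex)
        except ValueError:  # unbalanced quote, e.g. a multi-line string
            continue
        for is_op, grp in groupby(tokens, lambda t: bool(t) and set(t) <= OPS):
            if not is_op:
                hits += [(no, a, big) for a, big in obsolete_keys(list(grp))]
    return hits
```

Calling `scan_script(SAMPLE)` reports lines 2 and 3 of the constructed script, with only the second key marked implausible.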