CWE-122
AllowedHeap-based Buffer Overflow
Abstraction: Variant · Status: Draft
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
4111 vulnerabilities reference this CWE, most recent first.
CVE-2025-6270 (GCVE-0-2025-6270)
Vulnerability from cvelistv5 – Published: 2025-06-19 16:31 – Updated: 2025-06-23 19:30| URL | Tags |
|---|---|
| https://vuldb.com/?id.313274 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.313274 | signaturepermissions-required |
| https://vuldb.com/?submit.592588 | third-party-advisory |
| https://github.com/HDFGroup/hdf5/issues/5580 | issue-tracking |
| https://github.com/user-attachments/files/2062664… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6270",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T16:17:09.273566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T19:30:54.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/HDFGroup/hdf5/issues/5580"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HDF5",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.14.2"
},
{
"status": "affected",
"version": "1.14.3"
},
{
"status": "affected",
"version": "1.14.4"
},
{
"status": "affected",
"version": "1.14.5"
},
{
"status": "affected",
"version": "1.14.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Rulkallos (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in HDF5 bis 1.14.6 entdeckt. Hierbei geht es um die Funktion H5FS__sect_find_node der Datei H5FSsection.c. Mittels dem Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T16:31:06.224Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313274 | HDF5 H5FSsection.c H5FS__sect_find_node heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313274"
},
{
"name": "VDB-313274 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313274"
},
{
"name": "Submit #592588 | HDF5 1.14.6 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.592588"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/HDFGroup/hdf5/issues/5580"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/20626642/reproduce.tar.gz"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-19T08:24:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "HDF5 H5FSsection.c H5FS__sect_find_node heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6270",
"datePublished": "2025-06-19T16:31:06.224Z",
"dateReserved": "2025-06-19T06:19:17.895Z",
"dateUpdated": "2025-06-23T19:30:54.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6269 (GCVE-0-2025-6269)
Vulnerability from cvelistv5 – Published: 2025-06-19 16:00 – Updated: 2025-06-23 19:30| URL | Tags |
|---|---|
| https://vuldb.com/?id.313273 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.313273 | signaturepermissions-required |
| https://vuldb.com/?submit.592587 | third-party-advisory |
| https://github.com/HDFGroup/hdf5/issues/5579 | issue-tracking |
| https://github.com/user-attachments/files/2062650… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6269",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T16:17:14.239832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T19:30:59.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/HDFGroup/hdf5/issues/5579"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HDF5",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.14.2"
},
{
"status": "affected",
"version": "1.14.3"
},
{
"status": "affected",
"version": "1.14.4"
},
{
"status": "affected",
"version": "1.14.5"
},
{
"status": "affected",
"version": "1.14.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Rulkallos (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In HDF5 bis 1.14.6 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funktion H5C__reconstruct_cache_entry der Datei H5Cimage.c. Durch Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T16:00:17.595Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313273 | HDF5 H5Cimage.c H5C__reconstruct_cache_entry heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313273"
},
{
"name": "VDB-313273 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313273"
},
{
"name": "Submit #592587 | HDF5 1.14.6 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.592587"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/HDFGroup/hdf5/issues/5579"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/20626503/reproduce.tar.gz"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-19T08:24:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "HDF5 H5Cimage.c H5C__reconstruct_cache_entry heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6269",
"datePublished": "2025-06-19T16:00:17.595Z",
"dateReserved": "2025-06-19T06:19:15.662Z",
"dateUpdated": "2025-06-23T19:30:59.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6120 (GCVE-0-2025-6120)
Vulnerability from cvelistv5 – Published: 2025-06-16 11:31 – Updated: 2025-06-16 14:47| URL | Tags |
|---|---|
| https://vuldb.com/?id.312589 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.312589 | signaturepermissions-required |
| https://vuldb.com/?submit.591235 | third-party-advisory |
| https://github.com/assimp/assimp/issues/6220 | issue-tracking |
| https://github.com/assimp/assimp/issues/6220#issu… | issue-tracking |
| https://github.com/user-attachments/files/2060534… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Open Asset Import Library | Assimp |
Affected:
5.4.0
Affected: 5.4.1 Affected: 5.4.2 Affected: 5.4.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6120",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T14:41:43.487968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T14:47:28.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Assimp",
"vendor": "Open Asset Import Library",
"versions": [
{
"status": "affected",
"version": "5.4.0"
},
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.4.2"
},
{
"status": "affected",
"version": "5.4.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Rulkallos (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future."
},
{
"lang": "de",
"value": "In Open Asset Import Library Assimp bis 5.4.3 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion read_meshes in der Bibliothek assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T11:31:06.030Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-312589 | Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.312589"
},
{
"name": "VDB-312589 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.312589"
},
{
"name": "Submit #591235 | Open Asset Import Library Assimp 5.4.3 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.591235"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/assimp/assimp/issues/6220"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/assimp/assimp/issues/6220#issuecomment-2945018579"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/20605340/read_meshes_reproduce.tar.gz"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-15T12:23:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6120",
"datePublished": "2025-06-16T11:31:06.030Z",
"dateReserved": "2025-06-15T10:18:10.430Z",
"dateUpdated": "2025-06-16T14:47:28.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5942 (GCVE-0-2025-5942)
Vulnerability from cvelistv5 – Published: 2025-08-14 04:36 – Updated: 2025-08-18 16:45- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.netskope.com/company/security-complia… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Netskope | Netskope Client |
Affected:
0 , < 126.0.9, 129.0.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:26:26.609310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T16:45:47.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"lessThan": "126.0.9, 129.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Must be using Netskope Endpoint DLP"
}
],
"value": "Must be using Netskope Endpoint DLP"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thomas Brice"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine."
}
],
"value": "Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T04:36:05.383Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-003"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the Netskope Client to version 129.0.0 or newer, or to the hotfix version of 126.0.9.\u0026nbsp;"
}
],
"value": "Update the Netskope Client to version 129.0.0 or newer, or to the hotfix version of 126.0.9."
}
],
"source": {
"advisory": "NSKPSA-2025-003",
"discovery": "EXTERNAL"
},
"title": "Heap Overflow in Netskope Endpoint DLP Driver",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Some AV and EDR solutions may be able to detect the behaviors associated with exploiting this vulnerability."
}
],
"value": "Some AV and EDR solutions may be able to detect the behaviors associated with exploiting this vulnerability."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2025-5942",
"datePublished": "2025-08-14T04:36:05.383Z",
"dateReserved": "2025-06-09T16:38:43.986Z",
"dateUpdated": "2025-08-18T16:45:47.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5915 (GCVE-0-2025-5915)
Vulnerability from cvelistv5 – Published: 2025-06-09 19:49 – Updated: 2026-06-30 10:40- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-5915 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2370865 | issue-trackingx_refsource_REDHAT |
| https://github.com/libarchive/libarchive/pull/2599 | |
| https://github.com/libarchive/libarchive/releases… |
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 3.8.0
(semver)
|
|||
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T14:04:12.513329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:04:33.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/libarchive/libarchive/",
"defaultStatus": "unaffected",
"packageName": "libarchive",
"versions": [
{
"lessThan": "3.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2025-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T10:40:27.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-5915"
},
{
"name": "RHBZ#2370865",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370865"
},
{
"url": "https://github.com/libarchive/libarchive/pull/2599"
},
{
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-06T18:03:54.692Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-05-20T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to libarchive version 3.8.0 or later, which includes important security fixes and stability improvements."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-5915",
"datePublished": "2025-06-09T19:49:02.143Z",
"dateReserved": "2025-06-09T08:10:36.710Z",
"dateUpdated": "2026-06-30T10:40:27.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5830 (GCVE-0-2025-5830)
Vulnerability from cvelistv5 – Published: 2025-06-25 18:01 – Updated: 2025-06-26 13:16- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Autel | Autel MaxiCharger AC Wallbox Commercial |
Affected:
1.36.00
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T13:16:25.684852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T13:16:32.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autel MaxiCharger AC Wallbox Commercial",
"vendor": "Autel",
"versions": [
{
"status": "affected",
"version": "1.36.00"
}
]
}
],
"dateAssigned": "2025-06-06T19:17:13.272Z",
"datePublic": "2025-06-11T17:27:46.341Z",
"descriptions": [
{
"lang": "en",
"value": "Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of DLB_SlaveRegister messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26327."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T18:01:20.050Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-349",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-349/"
}
],
"source": {
"lang": "en",
"value": "PHP Hooligans"
},
"title": "Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-5830",
"datePublished": "2025-06-25T18:01:20.050Z",
"dateReserved": "2025-06-06T19:17:13.239Z",
"dateUpdated": "2025-06-26T13:16:32.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5750 (GCVE-0-2025-5750)
Vulnerability from cvelistv5 – Published: 2025-06-06 15:29 – Updated: 2025-06-06 15:54- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| WOLFBOX | Level 2 EV Charger |
Affected:
3.1.17 (main), 1.2.6 (MCU)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-06T15:54:15.792145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T15:54:21.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Level 2 EV Charger",
"vendor": "WOLFBOX",
"versions": [
{
"status": "affected",
"version": "3.1.17 (main), 1.2.6 (MCU)"
}
]
}
],
"dateAssigned": "2025-06-05T20:45:35.381Z",
"datePublic": "2025-06-06T15:28:37.325Z",
"descriptions": [
{
"lang": "en",
"value": "WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T15:29:55.993Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-329",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-329/"
}
],
"source": {
"lang": "en",
"value": "Rafal Goryl of PixiePoint Security"
},
"title": "WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-5750",
"datePublished": "2025-06-06T15:29:55.993Z",
"dateReserved": "2025-06-05T20:45:35.342Z",
"dateUpdated": "2025-06-06T15:54:21.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5517 (GCVE-0-2025-5517)
Vulnerability from cvelistv5 – Published: 2025-10-20 18:27 – Updated: 2025-10-20 18:47- CWE-122 - Heap-based Buffer Overflow
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | Terra AC wallbox (UL40/80A) |
Affected:
0 , ≤ 1.8.32
(custom)
|
|
| ABB | Terra AC wallbox (UL32A) |
Affected:
0 , ≤ 1.8.2
(custom)
|
|
| ABB | Terra AC wallbox (MID/ CE) -Terra AC MID |
Affected:
0 , ≤ 1.8.32
(custom)
|
|
| ABB | Terra AC wallbox (MID/ CE) -Terra AC Juno CE |
Affected:
0 , ≤ 1.8.32
(custom)
|
|
| ABB | Terra AC wallbox (MID/ CE) -Terra AC PTB |
Affected:
0 , ≤ 1.8.21
(custom)
|
|
| ABB | Terra AC wallbox (JP) |
Affected:
0 , ≤ 1.8.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T18:47:11.327089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T18:47:22.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL40/80A)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.8.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL32A)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (MID/ CE) -Terra AC MID",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.8.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (MID/ CE) -Terra AC Juno CE",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.8.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (MID/ CE) -Terra AC PTB",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (JP)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ABB also acknowledges and thanks Itai Shmueli from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox (MID/ CE) -Terra AC Juno CE, ABB Terra AC wallbox (MID/ CE) -Terra AC PTB, ABB Terra AC wallbox (JP).\u003cp\u003eThis issue affects Terra AC wallbox (UL40/80A): through 1.8.32; Terra AC wallbox (UL32A): through 1.8.2; Terra AC wallbox (MID/ CE) -Terra AC MID: through 1.8.32; Terra AC wallbox (MID/ CE) -Terra AC Juno CE: through 1.8.32; Terra AC wallbox (MID/ CE) -Terra AC PTB: through 1.8.21; Terra AC wallbox (JP): through 1.8.2.\u003c/p\u003e"
}
],
"value": "Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox (MID/ CE) -Terra AC Juno CE, ABB Terra AC wallbox (MID/ CE) -Terra AC PTB, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): through 1.8.32; Terra AC wallbox (UL32A): through 1.8.2; Terra AC wallbox (MID/ CE) -Terra AC MID: through 1.8.32; Terra AC wallbox (MID/ CE) -Terra AC Juno CE: through 1.8.32; Terra AC wallbox (MID/ CE) -Terra AC PTB: through 1.8.21; Terra AC wallbox (JP): through 1.8.2."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T18:27:32.374Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A8948\u0026LanguageCode=en\u0026DocumentPartId=PDF\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The problem is corrected in the following product versions; apply the following update depending on product variant:\u003cul\u003e\u003cli\u003eTerra AC wallbox (UL40/80A) 1.8.33\u003c/li\u003e\u003cli\u003eTerra AC wallbox (UL32A) 1.8.34\u003c/li\u003e\u003cli\u003eTerra AC MID 1.8.34\u003c/li\u003e\u003cli\u003eTerra AC Juno CE 1.8.34\u003c/li\u003e\u003cli\u003eTerra AC PTB 1.8.33\u003c/li\u003e\u003cli\u003eTerra AC wallbox (JP) 1.8.34\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "The problem is corrected in the following product versions; apply the following update depending on product variant: * Terra AC wallbox (UL40/80A) 1.8.33\n * Terra AC wallbox (UL32A) 1.8.34\n * Terra AC MID 1.8.34\n * Terra AC Juno CE 1.8.34\n * Terra AC PTB 1.8.33\n * Terra AC wallbox (JP) 1.8.34"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2025-5517",
"datePublished": "2025-10-20T18:27:32.374Z",
"dateReserved": "2025-06-03T08:51:33.612Z",
"dateUpdated": "2025-10-20T18:47:22.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5479 (GCVE-0-2025-5479)
Vulnerability from cvelistv5 – Published: 2025-06-21 00:09 – Updated: 2025-06-23 14:46- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.sony.com/electronics/support/mobile-c… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sony | XAV-AX8500 |
Affected:
2.00.01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T14:46:30.528897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T14:46:36.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "XAV-AX8500",
"vendor": "Sony",
"versions": [
{
"status": "affected",
"version": "2.00.01"
}
]
}
],
"dateAssigned": "2025-06-02T19:14:53.332Z",
"datePublic": "2025-06-11T17:41:06.403Z",
"descriptions": [
{
"lang": "en",
"value": "Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the Bluetooth AVCTP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26290."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T00:09:53.931Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-356",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-356/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092"
}
],
"source": {
"lang": "en",
"value": "Team Confused"
},
"title": "Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-5479",
"datePublished": "2025-06-21T00:09:53.931Z",
"dateReserved": "2025-06-02T19:14:53.281Z",
"dateUpdated": "2025-06-23T14:46:36.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5477 (GCVE-0-2025-5477)
Vulnerability from cvelistv5 – Published: 2025-06-21 00:10 – Updated: 2025-06-23 14:45- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.sony.com/electronics/support/mobile-c… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sony | XAV-AX8500 |
Affected:
2.00.01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T14:45:19.938243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T14:45:26.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "XAV-AX8500",
"vendor": "Sony",
"versions": [
{
"status": "affected",
"version": "2.00.01"
}
]
}
],
"dateAssigned": "2025-06-02T19:14:45.681Z",
"datePublic": "2025-06-11T17:40:51.489Z",
"descriptions": [
{
"lang": "en",
"value": "Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the Bluetooth L2CAP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process. Was ZDI-CAN-26286."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T00:10:01.983Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-354",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-354/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092"
}
],
"source": {
"lang": "en",
"value": "Mikhail Evdokimov (@konatabrk) from PCAutomotive"
},
"title": "Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-5477",
"datePublished": "2025-06-21T00:10:01.983Z",
"dateReserved": "2025-06-02T19:14:45.641Z",
"dateUpdated": "2025-06-23T14:45:26.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Pre-design: Use a language or compiler that performs automatic bounds checking.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation
Implement and perform bounds checking on input.
Mitigation
Strategy: Libraries or Frameworks
Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary.
Mitigation
Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.