CVE-2025-3017 (GCVE-0-2025-3017)

Vulnerability from cvelistv5 – Published: 2025-03-31 21:31 – Updated: 2025-04-01 20:06
VLAI?
Title
TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write
Summary
A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5879180e9070ec35d52948f2f57519713256a0f1. It is recommended to apply a patch to fix this issue.
Severity ?
4.8 (Medium)
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5.3 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a TA-Lib Affected: 0.6.0
Affected: 0.6.1
Affected: 0.6.2
Affected: 0.6.3
Affected: 0.6.4
Credits
tyy_qqq (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-01T20:06:42.580044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-01T20:06:50.627Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "ta_regtest"
          ],
          "product": "TA-Lib",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.6.0"
            },
            {
              "status": "affected",
              "version": "0.6.1"
            },
            {
              "status": "affected",
              "version": "0.6.2"
            },
            {
              "status": "affected",
              "version": "0.6.3"
            },
            {
              "status": "affected",
              "version": "0.6.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "tyy_qqq (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5879180e9070ec35d52948f2f57519713256a0f1. It is recommended to apply a patch to fix this issue."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in TA-Lib bis 0.6.4 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion setInputBuffer der Datei src/tools/ta_regtest/ta_test_func/test_minmax.c der Komponente ta_regtest. Durch das Beeinflussen mit unbekannten Daten kann eine out-of-bounds write-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 5879180e9070ec35d52948f2f57519713256a0f1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-31T21:31:10.492Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-302069 | TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.302069"
        },
        {
          "name": "VDB-302069 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.302069"
        },
        {
          "name": "Submit #524603 | TA-Lib Project ta-lib 0.6.4 Out-of-bounds Write",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.524603"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/TA-Lib/ta-lib/issues/61"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/TA-Lib/ta-lib/pull/62"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/TA-Lib/ta-lib/issues/61#issue-2931609110"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/TA-Lib/ta-lib/commit/5879180e9070ec35d52948f2f57519713256a0f1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-31T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-31T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-31T07:47:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-3017",
    "datePublished": "2025-03-31T21:31:10.492Z",
    "dateReserved": "2025-03-31T05:42:40.877Z",
    "dateUpdated": "2025-04-01T20:06:50.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-3017",
      "date": "2026-05-09",
      "epss": "0.00119",
      "percentile": "0.30323"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-3017\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-03-31T22:15:22.807\",\"lastModified\":\"2025-04-01T20:26:22.890\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5879180e9070ec35d52948f2f57519713256a0f1. It is recommended to apply a patch to fix this issue.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en TA-Lib hasta la versi\u00f3n 0.6.4. Este problema afecta a la funci\u00f3n setInputBuffer del archivo src/tools/ta_regtest/ta_test_func/test_minmax.c del componente ta_regtest. La manipulaci\u00f3n provoca escritura fuera de los l\u00edmites. Es posible lanzar el ataque en el host local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El identificador del parche es 5879180e9070ec35d52948f2f57519713256a0f1. Se recomienda aplicar un parche para solucionar este problema.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":4.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://github.com/TA-Lib/ta-lib/commit/5879180e9070ec35d52948f2f57519713256a0f1\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/TA-Lib/ta-lib/issues/61\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/TA-Lib/ta-lib/issues/61#issue-2931609110\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/TA-Lib/ta-lib/pull/62\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.302069\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.302069\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.524603\",\"source\":\"cna@vuldb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-3017\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-01T20:06:42.580044Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-01T20:06:45.619Z\"}}], \"cna\": {\"title\": \"TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"tyy_qqq (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4.3, \"vectorString\": \"AV:L/AC:L/Au:S/C:P/I:P/A:P\"}}], \"affected\": [{\"vendor\": \"n/a\", \"modules\": [\"ta_regtest\"], \"product\": \"TA-Lib\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.6.0\"}, {\"status\": \"affected\", \"version\": \"0.6.1\"}, {\"status\": \"affected\", \"version\": \"0.6.2\"}, {\"status\": \"affected\", \"version\": \"0.6.3\"}, {\"status\": \"affected\", \"version\": \"0.6.4\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-03-31T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-03-31T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-03-31T07:47:48.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.302069\", \"name\": \"VDB-302069 | TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.302069\", \"name\": \"VDB-302069 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.524603\", \"name\": \"Submit #524603 | TA-Lib Project ta-lib 0.6.4 Out-of-bounds Write\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/TA-Lib/ta-lib/issues/61\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/TA-Lib/ta-lib/pull/62\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/TA-Lib/ta-lib/issues/61#issue-2931609110\", \"tags\": [\"exploit\", \"issue-tracking\"]}, {\"url\": \"https://github.com/TA-Lib/ta-lib/commit/5879180e9070ec35d52948f2f57519713256a0f1\", \"tags\": [\"patch\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5879180e9070ec35d52948f2f57519713256a0f1. It is recommended to apply a patch to fix this issue.\"}, {\"lang\": \"de\", \"value\": \"Eine Schwachstelle wurde in TA-Lib bis 0.6.4 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion setInputBuffer der Datei src/tools/ta_regtest/ta_test_func/test_minmax.c der Komponente ta_regtest. Durch das Beeinflussen mit unbekannten Daten kann eine out-of-bounds write-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung. Der Patch wird als 5879180e9070ec35d52948f2f57519713256a0f1 bezeichnet. Als bestm\\u00f6gliche Massnahme wird Patching empfohlen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"Out-of-bounds Write\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"Memory Corruption\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-03-31T21:31:10.492Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-3017\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-01T20:06:50.627Z\", \"dateReserved\": \"2025-03-31T05:42:40.877Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-03-31T21:31:10.492Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.