GNU coreutils buffer overflow vulnerability
Description
GNU coreutils is a core set of utilities from the GNU community.
GNU coreutils has a buffer overflow vulnerability. It stems from a boundary error in the begfield function of the sort utility when handling untrusted input; an attacker could exploit this vulnerability to cause a crash or a data leak.
Severity
Low
Formal description
The vendor has not yet released an upgrade to fix this security issue; see the vendor's website for details: https://www.gnu.org/
Reference
https://access.redhat.com/security/cve/CVE-2025-5278
Impacted products
| Name |
|---|
| Gnu GNU coreutils |
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-5278",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278"
}
},
"description": "GNU coreutils\u662fGNU\u793e\u533a\u7684\u4e00\u4e2a\u6838\u5fc3\u5de5\u5177\u7ec4\u3002\n\nGNU coreutils\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8esort\u5de5\u5177\u4e2d\u51fd\u6570begfield\u5728\u5904\u7406\u4e0d\u53d7\u4fe1\u4efb\u7684\u8f93\u5165\u65f6\u51fa\u73b0\u8fb9\u754c\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5d29\u6e83\u6216\u6570\u636e\u6cc4\u9732\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.gnu.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-11923",
"openTime": "2025-06-09",
"products": {
"product": "Gnu GNU coreutils"
},
"referenceLink": "https://access.redhat.com/security/cve/CVE-2025-5278",
"serverity": "\u4f4e",
"submitTime": "2025-05-30",
"title": "GNU coreutils\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
CVE-2025-5278 (GCVE-0-2025-5278)
Vulnerability from cvelistv5 – Published: 2025-05-27 20:52 – Updated: 2026-07-01 09:35
Title
Coreutils: heap buffer under-read in gnu coreutils sort via key specification
Summary
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
14 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:28911 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33124 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33313 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33612 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:34102 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-5278 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2368764 | issue-tracking, x_refsource_REDHAT |
| https://cgit.git.savannah.gnu.org/cgit/coreutils.… | |
| https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 | |
| http://www.openwall.com/lists/oss-security/2025/05/27/2 | |
| http://www.openwall.com/lists/oss-security/2025/05/29/1 | |
| https://security-tracker.debian.org/tracker/CVE-2… | |
| https://cgit.git.savannah.gnu.org/cgit/coreutils.… | |
| http://www.openwall.com/lists/oss-security/2025/05/29/2 | |
Impacted products
16 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| | coreutils | Affected: 7.2, < 9.8 (semver) | |
| Red Hat | Red Hat Enterprise Linux 10 | Unaffected: 0:9.5-8.el10_2, < * (rpm) | cpe:/o:redhat:enterprise_linux:10.2 |
| Red Hat | Red Hat Enterprise Linux 9 | Unaffected: 0:8.32-41.el9_8, < * (rpm) | cpe:/o:redhat:enterprise_linux:9::baseos |
| Red Hat | Red Hat Discovery 2 | Unaffected: 1782756541, < * (rpm) | cpe:/a:redhat:discovery:2::el9 |
| Red Hat | Red Hat Insights proxy 1.5 | Unaffected: 1782890503, < * (rpm) | cpe:/a:redhat:insights_proxy:1.5::el9 |
| Red Hat | Red Hat OpenShift distributed tracing 3.10.1 | Unaffected: 1782501180, < * (rpm) | cpe:/a:redhat:openshift_distributed_tracing:3.10::el9 |
| Red Hat | Red Hat OpenShift distributed tracing 3.10.1 | Unaffected: 1782501200, < * (rpm) | cpe:/a:redhat:openshift_distributed_tracing:3.10::el9 |
| Red Hat | Red Hat OpenShift distributed tracing 3.10.1 | Unaffected: 1782498923, < * (rpm) | cpe:/a:redhat:openshift_distributed_tracing:3.10::el9 |
| Red Hat | Red Hat OpenShift distributed tracing 3.10.1 | Unaffected: 1782510941, < * (rpm) | cpe:/a:redhat:openshift_distributed_tracing:3.10::el9 |
| Red Hat | Red Hat OpenShift distributed tracing 3.10.1 | Unaffected: 1782501220, < * (rpm) | cpe:/a:redhat:openshift_distributed_tracing:3.10::el9 |
| Red Hat | Red Hat OpenShift distributed tracing 3.10.1 | Unaffected: 1782501196, < * (rpm) | cpe:/a:redhat:openshift_distributed_tracing:3.10::el9 |
| Red Hat | Red Hat OpenShift distributed tracing 3.10.1 | Unaffected: 1782501195, < * (rpm) | cpe:/a:redhat:openshift_distributed_tracing:3.10::el9 |
| Red Hat | Red Hat Enterprise Linux 6 | | cpe:/o:redhat:enterprise_linux:6 |
| Red Hat | Red Hat Enterprise Linux 7 | | cpe:/o:redhat:enterprise_linux:7 |
| Red Hat | Red Hat Enterprise Linux 8 | | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat OpenShift Container Platform 4 | | cpe:/a:redhat:openshift:4 |
Date Public
2025-05-27 00:00
Credits
Red Hat would like to thank Mohamed Maatallah for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-29T18:03:55.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/27/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/29/1"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-5278"
},
{
"url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
},
{
"url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/29/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T13:46:35.101788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:48:21.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/",
"defaultStatus": "unaffected",
"packageName": "coreutils",
"versions": [
{
"lessThan": "9.8",
"status": "affected",
"version": "7.2",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "coreutils",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:9.5-8.el10_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "coreutils",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.32-41.el9_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782756541",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "insights-proxy/insights-proxy-container-rhel9",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782890503",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-gateway-opa-rhel9",
"product": "Red Hat OpenShift distributed tracing 3.10.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782501180",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-gateway-rhel9",
"product": "Red Hat OpenShift distributed tracing 3.10.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782501200",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-jaeger-query-rhel9",
"product": "Red Hat OpenShift distributed tracing 3.10.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782498923",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-operator-bundle",
"product": "Red Hat OpenShift distributed tracing 3.10.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782510941",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-query-rhel9",
"product": "Red Hat OpenShift distributed tracing 3.10.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782501220",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-rhel9",
"product": "Red Hat OpenShift distributed tracing 3.10.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782501196",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-rhel9-operator",
"product": "Red Hat OpenShift distributed tracing 3.10.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782501195",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "coreutils",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "coreutils",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "coreutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Mohamed Maatallah for reporting this issue."
}
],
"datePublic": "2025-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GNU Coreutils. The sort utility\u0027s begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T09:35:48.174Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:28911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28911"
},
{
"name": "RHSA-2026:33124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33124"
},
{
"name": "RHSA-2026:33313",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"name": "RHSA-2026:33612",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33612"
},
{
"name": "RHSA-2026:34102",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"name": "RHBZ#2368764",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368764"
},
{
"url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
},
{
"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-27T13:50:20.148Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-05-27T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Coreutils: heap buffer under-read in gnu coreutils sort via key specification",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-5278",
"datePublished": "2025-05-27T20:52:58.545Z",
"dateReserved": "2025-05-27T14:05:48.552Z",
"dateUpdated": "2026-07-01T09:35:48.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.