Description

Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects everyone using Finit 4.2 or later that do not explicitly disable the plugin at build time. This bug is fixed in Finit 4.12. Those who cannot upgrade or backport the fix to urandom.c are strongly recommended to disable the plugin in the call to the `configure` script.

INFO

Published Date :

2025-05-06T16:57:30.855Z

Last Modified :

2025-05-06T17:22:16.925Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32022 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32022.

URL Resource
https://github.com/troglobit/finit/commit/3feff37ba51fa0a6a0a06f59682a0918aa5b04de cve-icon cve-icon
https://github.com/troglobit/finit/security/advisories/GHSA-fv6v-vw8h-9x79 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact