Description

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

INFO

Published Date :

2025-05-27T20:52:58.545Z

Last Modified :

2026-01-22T19:40:58.842Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-5278 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-5278.

URL Resource
http://www.openwall.com/lists/oss-security/2025/05/27/2 cve-icon
http://www.openwall.com/lists/oss-security/2025/05/29/1 cve-icon
http://www.openwall.com/lists/oss-security/2025/05/29/2 cve-icon
https://access.redhat.com/security/cve/CVE-2025-5278 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2368764 cve-icon cve-icon
https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 cve-icon cve-icon
https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14 cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-5278 cve-icon
https://security-tracker.debian.org/tracker/CVE-2025-5278 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-5278 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact