{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0633", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2025-01-22T06:51:12.359Z", "datePublished": "2025-02-19T07:01:22.478Z", "dateUpdated": "2025-02-19T21:15:54.695Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "iniparser", "repo": "https://gitlab.com/iniparser/iniparser", "vendor": "iniparser", "versions": [{"lessThan": "4.2.6", "status": "affected", "version": "3.1", "versionType": "git"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Heap-based Buffer Overflow vulnerability in&nbsp;iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory<p><br></p>"}], "value": "Heap-based Buffer Overflow vulnerability in\u00a0iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2025-02-19T07:05:00.230Z"}, "references": [{"tags": ["issue-tracking", "patch"], "url": "https://gitlab.com/iniparser/iniparser/-/issues/177"}], "source": {"discovery": "UNKNOWN"}, "title": "Heap Overflow in iniparser.c", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-19T21:15:34.519721Z", "id": "CVE-2025-0633", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-19T21:15:54.695Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0633", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-19T21:15:34.519721Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-19T21:15:49.472Z"}}], "cna": {"title": "Heap Overflow in iniparser.c", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://gitlab.com/iniparser/iniparser", "vendor": "iniparser", "product": "iniparser", "versions": [{"status": "affected", "version": "3.1", "lessThan": "4.2.6", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://gitlab.com/iniparser/iniparser/-/issues/177", "tags": ["issue-tracking", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Heap-based Buffer Overflow vulnerability in\u00a0iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory", "supportingMedia": [{"type": "text/html", "value": "Heap-based Buffer Overflow vulnerability in&nbsp;iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory<p><br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2025-02-19T07:05:00.230Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0633", "state": "PUBLISHED", "dateUpdated": "2025-02-19T21:15:54.695Z", "dateReserved": "2025-01-22T06:51:12.359Z", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "datePublished": "2025-02-19T07:01:22.478Z", "assignerShortName": "samsung.tv_appliance"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based Buffer Overflow vulnerability in\u00a0iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory"}], "id": "CVE-2025-0633", "lastModified": "2025-02-19T07:15:33.537", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE"}, "source": "PSIRT@samsung.com", "type": "Secondary"}]}, "published": "2025-02-19T07:15:33.537", "references": [{"source": "PSIRT@samsung.com", "url": "https://gitlab.com/iniparser/iniparser/-/issues/177"}], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "PSIRT@samsung.com", "type": "Secondary"}]}

{"bugzilla": {"description": "iniparser: Heap Overflow in iniparser.c", "id": "2346474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346474"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-122", "details": ["Heap-based Buffer Overflow vulnerability in\u00a0iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory", "A flaw was found in iniparser. This vulnerability allows an attacker to read out-of-bound memory via iniparser_dumpsection_ini()."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2025-0633", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "iniparser", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "iniparser", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-02-19T07:01:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-0633\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0633\nhttps://gitlab.com/iniparser/iniparser/-/issues/177"], "threat_severity": "Moderate"}

{}