CVE-2025-0633 - Vulnerability Details

Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://gitlab.com/iniparser/iniparser/-/issues/177
https://nvd.nist.gov/vuln/detail/CVE-2025-0633
https://www.cve.org/CVERecord?id=CVE-2025-0633

History

Thu, 20 Feb 2025 01:45:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-0633 https://www.cve.org/CVERecord?id=CVE-2025-0633
Metrics	threat_severity `None`	cvssV3_1 `{'score': 4.0, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}` threat_severity `Moderate`

Wed, 19 Feb 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 19 Feb 2025 07:15:00 +0000

Type	Values Removed	Values Added
Description		Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory
Title		Heap Overflow in iniparser.c
Weaknesses		CWE-122
References		https://gitlab.com/iniparser/iniparser/-/issues/177
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published: 2025-02-19T07:01:22.478Z

Updated: 2025-02-19T21:15:54.695Z

Reserved: 2025-01-22T06:51:12.359Z

Link: CVE-2025-0633

Vulnrichment

Updated: 2025-02-19T21:15:49.472Z

NVD

Status : Received

Published: 2025-02-19T07:15:33.537

Modified: 2025-02-19T07:15:33.537

Link: CVE-2025-0633

Redhat

Severity : Moderate

Publid Date: 2025-02-19T07:01:22Z

Links: CVE-2025-0633 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object