A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Thu, 29 May 2025 18:30:00 +0000

Type Values Removed Values Added
References

Thu, 29 May 2025 16:30:00 +0000


Thu, 29 May 2025 13:30:00 +0000

Type Values Removed Values Added
References

Wed, 28 May 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 28 May 2025 03:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Wed, 28 May 2025 01:30:00 +0000

Type Values Removed Values Added
References

Tue, 27 May 2025 21:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
Title Coreutils: heap buffer under-read in gnu coreutils sort via key specification
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-121
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T23:07:20.420Z

Reserved: 2025-05-27T14:05:48.552Z

Link: CVE-2025-5278

cve-icon Vulnrichment

Updated: 2025-05-29T18:03:55.440Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-05-27T21:15:23.197

Modified: 2025-05-29T18:15:24.290

Link: CVE-2025-5278

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-05-27T00:00:00Z

Links: CVE-2025-5278 - Bugzilla

cve-icon OpenCVE Enrichment

No data.