CVE-2025-5278
MediumCVSS 4.4Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
A flaw was found in GNU Coreutils where the sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format.
Risk Assessment
Malicious input could lead to a crash or leak sensitive data, posing a risk to system confidentiality and availability.
Recommendation
It is recommended to immediately update GNU Coreutils to the latest patched version and avoid running sort commands with untrusted input.
Original NVD description (English source)
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

