vulnerability

Arch Linux: Information disclosure (CVE-2025-5278)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:L/AC:M/Au:N/C:P/I:N/A:P)	May 27, 2025	Jul 11, 2025	Feb 5, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:N/A:P)

Published

May 27, 2025

Added

Jul 11, 2025

Modified

Feb 5, 2026

Description

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

Solution

arch-linux-upgrade-latest

References

CVE-2025-5278
https://attackerkb.com/topics/CVE-2025-5278
URL-https://access.redhat.com/security/cve/CVE-2025-5278
URL-https://bugzilla.redhat.com/show_bug.cgi?id=2368764
URL-https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
CWE-121

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today