DevGuard Logo

/🛡️ DevGuard
Group
/🧩 DevGuard Action
Repository

Overview
Compliance
Code Risks
Dependency Risks
Dependencies

CVE-2025-5278

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

GitHub Logohttps://github.com/l3montree-dev/devguard-action/issues/152
Fixed
LOW (2.5)
  • logo

    System detected CVE-2025-5278 with a risk of 2.04

    main
  • logo

    System created a ticket for CVE-2025-5278

    main

    Everything after this entry will be synced with the external system. The ticket can be found at https://github.com/l3montree-dev/devguard-action/issues/134

  • logo

    System detected CVE-2025-5278 on another ref: main

    main
  • logo

    System created a ticket for CVE-2025-5278

    main

    Everything after this entry will be synced with the external system. The ticket can be found at undefined

  • logo

    System detected CVE-2025-5278 with scanner: container-scanning:test

    main
  • S

    Sebastian Kawelke updated the risk assessment from 2.04 to 2.5

    main

    Confidentiality Requirement updated: low -> high

  • logo

    System removed scanner: container-scanning

    main
  • logo

    System fixed CVE-2025-5278

    main

Reopen this vulnerability

You can reopen this vuln, if you plan to mitigate the risk now, or accepted this vuln by accident.

Comment will be synced with https://github.com/l3montree-dev/devguard-action/issues/152
Last calculated at:

Affected component

Logo von deb debian/coreutils

Installed version:
9.1-1
Fixed in:
no patch available
Show in dependency graph

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 71cda54d19c6900d5d185b8bc7c11608a8a65bac