Medium severity4.4NVD Advisory· Published May 27, 2025· Updated Apr 15, 2026

CVE-2025-5278

Description

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

Patches

8c9602e3a145

https://cgit.git.savannah.gnu.org/cgit/coreutils.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

www.openwall.com/lists/oss-security/2025/05/27/2nvd
www.openwall.com/lists/oss-security/2025/05/29/1nvd
www.openwall.com/lists/oss-security/2025/05/29/2nvd
access.redhat.com/security/cve/CVE-2025-5278nvd
bugzilla.redhat.com/show_bug.cginvd
cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/nvd
cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWSnvd
security-tracker.debian.org/tracker/CVE-2025-5278nvd

News mentions

No linked articles in our index yet.

cvss	0.286
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000