CVE-2025-13654

Опубликовано: 05 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

Ссылки

https://github.com/zevv/duc/releases/tag/1.4.6
Release Notes
https://hackingbydoing.wixsite.com/hackingbydoing/post/stack-buffer-overflow-in-duc
Exploit
Third Party Advisory
https://kb.cert.org/vuls/id/441887
Third Party Advisory
https://www.kb.cert.org/vuls/id/441887
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zevv:duc:*:*:*:*:*:*:*:*

Версия до 1.4.6 (исключая)

EPSS

Процентиль: 18%

0.00057

Низкий

7.5 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

CVE-2025-13654

CVSS3: 7.5

ubuntu

2 месяца назад

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

CVE-2025-13654

CVSS3: 7.5

debian

2 месяца назад

A stack buffer overflow vulnerability exists in the buffer_get functio ...

GHSA-9fqr-94hm-qxr9

CVSS3: 7.5

github

2 месяца назад

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

EPSS

Процентиль: 18%

0.00057

Низкий

7.5 High

CVSS3

Дефекты

CWE-787