    2 vulnerabilities found for Red Hat OpenShift distributed tracing 3.10.1 by Red Hat

    CVE-2025-5278 (GCVE-0-2025-5278)

    Vulnerability from nvd – Published: 2025-05-27 20:52 – Updated: 2026-07-01 09:35
    Title
    Coreutils: heap buffer under-read in gnu coreutils sort via key specification
    Summary
    A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 7.2, < 9.8 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:9.5-8.el10_2, < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:8.32-41.el9_8, < * (rpm)
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Discovery 2 Unaffected: 1782756541, < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1782890503, < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782501180, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782501200, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782498923, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782510941, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782501220, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782501196, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782501195, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat Enterprise Linux 6
        cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7
        cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8
        cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat OpenShift Container Platform 4
        cpe:/a:redhat:openshift:4
    Date Public
    2025-05-27 00:00
    Credits
    Red Hat would like to thank Mohamed Maatallah for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-29T18:03:55.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/05/27/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/05/29/1"
              },
              {
                "url": "https://security-tracker.debian.org/tracker/CVE-2025-5278"
              },
              {
                "url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
              },
              {
                "url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/05/29/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-28T13:46:35.101788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T13:48:21.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/",
              "defaultStatus": "unaffected",
              "packageName": "coreutils",
              "versions": [
                {
                  "lessThan": "9.8",
                  "status": "affected",
                  "version": "7.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.2"
              ],
              "defaultStatus": "affected",
              "packageName": "coreutils",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.5-8.el10_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "coreutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.32-41.el9_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-ui-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782756541",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782890503",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-gateway-opa-rhel9",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782501180",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-gateway-rhel9",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782501200",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-jaeger-query-rhel9",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782498923",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-operator-bundle",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782510941",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-query-rhel9",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782501220",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-rhel9",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782501196",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-rhel9-operator",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782501195",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "coreutils",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "coreutils",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "coreutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Mohamed Maatallah for reporting this issue."
            }
          ],
          "datePublic": "2025-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GNU Coreutils. The sort utility\u0027s begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T09:35:48.174Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:28911",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28911"
            },
            {
              "name": "RHSA-2026:33124",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33124"
            },
            {
              "name": "RHSA-2026:33313",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33313"
            },
            {
              "name": "RHSA-2026:33612",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33612"
            },
            {
              "name": "RHSA-2026:34102",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34102"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-5278"
            },
            {
              "name": "RHBZ#2368764",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368764"
            },
            {
              "url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
            },
            {
              "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-27T13:50:20.148Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-05-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Coreutils: heap buffer under-read in gnu coreutils sort via key specification",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-5278",
        "datePublished": "2025-05-27T20:52:58.545Z",
        "dateReserved": "2025-05-27T14:05:48.552Z",
        "dateUpdated": "2026-07-01T09:35:48.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5278 (GCVE-0-2025-5278)

    Vulnerability from cvelistv5 – Published: 2025-05-27 20:52 – Updated: 2026-07-01 09:35
    Title
    Coreutils: heap buffer under-read in gnu coreutils sort via key specification
    Summary
    A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 7.2, < 9.8 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:9.5-8.el10_2, < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:8.32-41.el9_8, < * (rpm)
        cpe:/o:redhat:enterprise_linux:9::baseos
    Red Hat Red Hat Discovery 2 Unaffected: 1782756541, < * (rpm)
        cpe:/a:redhat:discovery:2::el9
    Red Hat Red Hat Insights proxy 1.5 Unaffected: 1782890503, < * (rpm)
        cpe:/a:redhat:insights_proxy:1.5::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782501180, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782501200, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782498923, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782510941, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782501220, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782501196, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat OpenShift distributed tracing 3.10.1 Unaffected: 1782501195, < * (rpm)
        cpe:/a:redhat:openshift_distributed_tracing:3.10::el9
    Red Hat Red Hat Enterprise Linux 6
        cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7
        cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8
        cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat OpenShift Container Platform 4
        cpe:/a:redhat:openshift:4
    Date Public
    2025-05-27 00:00
    Credits
    Red Hat would like to thank Mohamed Maatallah for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-29T18:03:55.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/05/27/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/05/29/1"
              },
              {
                "url": "https://security-tracker.debian.org/tracker/CVE-2025-5278"
              },
              {
                "url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
              },
              {
                "url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/05/29/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-28T13:46:35.101788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T13:48:21.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/",
              "defaultStatus": "unaffected",
              "packageName": "coreutils",
              "versions": [
                {
                  "lessThan": "9.8",
                  "status": "affected",
                  "version": "7.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.2"
              ],
              "defaultStatus": "affected",
              "packageName": "coreutils",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.5-8.el10_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "coreutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.32-41.el9_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-ui-rhel9",
              "product": "Red Hat Discovery 2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782756541",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:insights_proxy:1.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "insights-proxy/insights-proxy-container-rhel9",
              "product": "Red Hat Insights proxy 1.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782890503",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-gateway-opa-rhel9",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782501180",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-gateway-rhel9",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782501200",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-jaeger-query-rhel9",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782498923",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-operator-bundle",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782510941",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-query-rhel9",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782501220",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-rhel9",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782501196",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3.10::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/tempo-rhel9-operator",
              "product": "Red Hat OpenShift distributed tracing 3.10.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782501195",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "coreutils",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "coreutils",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "coreutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Mohamed Maatallah for reporting this issue."
            }
          ],
          "datePublic": "2025-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GNU Coreutils. The sort utility\u0027s begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T09:35:48.174Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:28911",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28911"
            },
            {
              "name": "RHSA-2026:33124",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33124"
            },
            {
              "name": "RHSA-2026:33313",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33313"
            },
            {
              "name": "RHSA-2026:33612",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33612"
            },
            {
              "name": "RHSA-2026:34102",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34102"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-5278"
            },
            {
              "name": "RHBZ#2368764",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368764"
            },
            {
              "url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
            },
            {
              "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-27T13:50:20.148Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-05-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Coreutils: heap buffer under-read in gnu coreutils sort via key specification",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-5278",
        "datePublished": "2025-05-27T20:52:58.545Z",
        "dateReserved": "2025-05-27T14:05:48.552Z",
        "dateUpdated": "2026-07-01T09:35:48.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }