5 vulnerabilities by zapping-vbi

CVE-2025-2177 (GCVE-0-2025-2177)

Vulnerability from cvelistv5 – Published: 2025-03-11 07:31 – Updated: 2025-03-11 14:12
Title
libzvbi search.c vbi_search_new integer overflow
Summary
A vulnerability classified as critical was found in libzvbi up to 0.2.43. It affects the function vbi_search_new in the file src/search.c. Manipulation of the argument pat_len leads to an integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 addresses this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very quickly and highly professionally.
CWE: CWE-190 (Integer Overflow), CWE-189 (Numeric Error)
Assigner: VulDB
Impacted products
Vendor: n/a
Product: libzvbi
Versions:
Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Affected: 0.2.3
Affected: 0.2.4
Affected: 0.2.5
Affected: 0.2.6
Affected: 0.2.7
Affected: 0.2.8
Affected: 0.2.9
Affected: 0.2.10
Affected: 0.2.11
Affected: 0.2.12
Affected: 0.2.13
Affected: 0.2.14
Affected: 0.2.15
Affected: 0.2.16
Affected: 0.2.17
Affected: 0.2.18
Affected: 0.2.19
Affected: 0.2.20
Affected: 0.2.21
Affected: 0.2.22
Affected: 0.2.23
Affected: 0.2.24
Affected: 0.2.25
Affected: 0.2.26
Affected: 0.2.27
Affected: 0.2.28
Affected: 0.2.29
Affected: 0.2.30
Affected: 0.2.31
Affected: 0.2.32
Affected: 0.2.33
Affected: 0.2.34
Affected: 0.2.35
Affected: 0.2.36
Affected: 0.2.37
Affected: 0.2.38
Affected: 0.2.39
Affected: 0.2.40
Affected: 0.2.41
Affected: 0.2.42
Affected: 0.2.43
Credits
ninpwn (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2177",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T14:11:11.307650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T14:12:36.161Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libzvbi",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            },
            {
              "status": "affected",
              "version": "0.2.3"
            },
            {
              "status": "affected",
              "version": "0.2.4"
            },
            {
              "status": "affected",
              "version": "0.2.5"
            },
            {
              "status": "affected",
              "version": "0.2.6"
            },
            {
              "status": "affected",
              "version": "0.2.7"
            },
            {
              "status": "affected",
              "version": "0.2.8"
            },
            {
              "status": "affected",
              "version": "0.2.9"
            },
            {
              "status": "affected",
              "version": "0.2.10"
            },
            {
              "status": "affected",
              "version": "0.2.11"
            },
            {
              "status": "affected",
              "version": "0.2.12"
            },
            {
              "status": "affected",
              "version": "0.2.13"
            },
            {
              "status": "affected",
              "version": "0.2.14"
            },
            {
              "status": "affected",
              "version": "0.2.15"
            },
            {
              "status": "affected",
              "version": "0.2.16"
            },
            {
              "status": "affected",
              "version": "0.2.17"
            },
            {
              "status": "affected",
              "version": "0.2.18"
            },
            {
              "status": "affected",
              "version": "0.2.19"
            },
            {
              "status": "affected",
              "version": "0.2.20"
            },
            {
              "status": "affected",
              "version": "0.2.21"
            },
            {
              "status": "affected",
              "version": "0.2.22"
            },
            {
              "status": "affected",
              "version": "0.2.23"
            },
            {
              "status": "affected",
              "version": "0.2.24"
            },
            {
              "status": "affected",
              "version": "0.2.25"
            },
            {
              "status": "affected",
              "version": "0.2.26"
            },
            {
              "status": "affected",
              "version": "0.2.27"
            },
            {
              "status": "affected",
              "version": "0.2.28"
            },
            {
              "status": "affected",
              "version": "0.2.29"
            },
            {
              "status": "affected",
              "version": "0.2.30"
            },
            {
              "status": "affected",
              "version": "0.2.31"
            },
            {
              "status": "affected",
              "version": "0.2.32"
            },
            {
              "status": "affected",
              "version": "0.2.33"
            },
            {
              "status": "affected",
              "version": "0.2.34"
            },
            {
              "status": "affected",
              "version": "0.2.35"
            },
            {
              "status": "affected",
              "version": "0.2.36"
            },
            {
              "status": "affected",
              "version": "0.2.37"
            },
            {
              "status": "affected",
              "version": "0.2.38"
            },
            {
              "status": "affected",
              "version": "0.2.39"
            },
            {
              "status": "affected",
              "version": "0.2.40"
            },
            {
              "status": "affected",
              "version": "0.2.41"
            },
            {
              "status": "affected",
              "version": "0.2.42"
            },
            {
              "status": "affected",
              "version": "0.2.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ninpwn (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional."
        },
        {
          "lang": "de",
          "value": "In libzvbi bis 0.2.43 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion vbi_search_new der Datei src/search.c. Mittels Manipulieren des Arguments pat_len mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ca1672134b3e2962cd392212c73f44f8f4cb489f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-189",
              "description": "Numeric Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T07:31:06.438Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-299206 | libzvbi search.c vbi_search_new integer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.299206"
        },
        {
          "name": "VDB-299206 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.299206"
        },
        {
          "name": "Submit #512803 | Open Source libzvbi 0.2.43 Integer Overflow -\u003e Heap Overflow (vbi_search_new)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.512803"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-11T07:18:12.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "libzvbi search.c vbi_search_new integer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2177",
    "datePublished": "2025-03-11T07:31:06.438Z",
    "dateReserved": "2025-03-10T17:27:09.154Z",
    "dateUpdated": "2025-03-11T14:12:36.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2176 (GCVE-0-2025-2176)

Vulnerability from cvelistv5 – Published: 2025-03-11 07:31 – Updated: 2025-03-11 15:21
Title
libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow
Summary
A vulnerability classified as critical has been found in libzvbi up to 0.2.43. It affects the function vbi_capture_sim_load_caption in the file src/io-sim.c. The manipulation leads to an integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 addresses this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very quickly and highly professionally.
CWE: CWE-190 (Integer Overflow), CWE-189 (Numeric Error)
Assigner: VulDB
Impacted products
Vendor: n/a
Product: libzvbi
Versions:
Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Affected: 0.2.3
Affected: 0.2.4
Affected: 0.2.5
Affected: 0.2.6
Affected: 0.2.7
Affected: 0.2.8
Affected: 0.2.9
Affected: 0.2.10
Affected: 0.2.11
Affected: 0.2.12
Affected: 0.2.13
Affected: 0.2.14
Affected: 0.2.15
Affected: 0.2.16
Affected: 0.2.17
Affected: 0.2.18
Affected: 0.2.19
Affected: 0.2.20
Affected: 0.2.21
Affected: 0.2.22
Affected: 0.2.23
Affected: 0.2.24
Affected: 0.2.25
Affected: 0.2.26
Affected: 0.2.27
Affected: 0.2.28
Affected: 0.2.29
Affected: 0.2.30
Affected: 0.2.31
Affected: 0.2.32
Affected: 0.2.33
Affected: 0.2.34
Affected: 0.2.35
Affected: 0.2.36
Affected: 0.2.37
Affected: 0.2.38
Affected: 0.2.39
Affected: 0.2.40
Affected: 0.2.41
Affected: 0.2.42
Affected: 0.2.43
Credits
Yariv Nedivi (finder)
ninpwn (VulDB User) (reporter, analyst)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T15:14:23.195210Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T15:21:26.833Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libzvbi",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            },
            {
              "status": "affected",
              "version": "0.2.3"
            },
            {
              "status": "affected",
              "version": "0.2.4"
            },
            {
              "status": "affected",
              "version": "0.2.5"
            },
            {
              "status": "affected",
              "version": "0.2.6"
            },
            {
              "status": "affected",
              "version": "0.2.7"
            },
            {
              "status": "affected",
              "version": "0.2.8"
            },
            {
              "status": "affected",
              "version": "0.2.9"
            },
            {
              "status": "affected",
              "version": "0.2.10"
            },
            {
              "status": "affected",
              "version": "0.2.11"
            },
            {
              "status": "affected",
              "version": "0.2.12"
            },
            {
              "status": "affected",
              "version": "0.2.13"
            },
            {
              "status": "affected",
              "version": "0.2.14"
            },
            {
              "status": "affected",
              "version": "0.2.15"
            },
            {
              "status": "affected",
              "version": "0.2.16"
            },
            {
              "status": "affected",
              "version": "0.2.17"
            },
            {
              "status": "affected",
              "version": "0.2.18"
            },
            {
              "status": "affected",
              "version": "0.2.19"
            },
            {
              "status": "affected",
              "version": "0.2.20"
            },
            {
              "status": "affected",
              "version": "0.2.21"
            },
            {
              "status": "affected",
              "version": "0.2.22"
            },
            {
              "status": "affected",
              "version": "0.2.23"
            },
            {
              "status": "affected",
              "version": "0.2.24"
            },
            {
              "status": "affected",
              "version": "0.2.25"
            },
            {
              "status": "affected",
              "version": "0.2.26"
            },
            {
              "status": "affected",
              "version": "0.2.27"
            },
            {
              "status": "affected",
              "version": "0.2.28"
            },
            {
              "status": "affected",
              "version": "0.2.29"
            },
            {
              "status": "affected",
              "version": "0.2.30"
            },
            {
              "status": "affected",
              "version": "0.2.31"
            },
            {
              "status": "affected",
              "version": "0.2.32"
            },
            {
              "status": "affected",
              "version": "0.2.33"
            },
            {
              "status": "affected",
              "version": "0.2.34"
            },
            {
              "status": "affected",
              "version": "0.2.35"
            },
            {
              "status": "affected",
              "version": "0.2.36"
            },
            {
              "status": "affected",
              "version": "0.2.37"
            },
            {
              "status": "affected",
              "version": "0.2.38"
            },
            {
              "status": "affected",
              "version": "0.2.39"
            },
            {
              "status": "affected",
              "version": "0.2.40"
            },
            {
              "status": "affected",
              "version": "0.2.41"
            },
            {
              "status": "affected",
              "version": "0.2.42"
            },
            {
              "status": "affected",
              "version": "0.2.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yariv Nedivi"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "ninpwn (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "ninpwn (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in libzvbi bis 0.2.43 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft die Funktion vbi_capture_sim_load_caption der Datei src/io-sim.c. Mittels dem Manipulieren mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ca1672134b3e2962cd392212c73f44f8f4cb489f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-189",
              "description": "Numeric Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T08:02:38.128Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-299205 | libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.299205"
        },
        {
          "name": "VDB-299205 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.299205"
        },
        {
          "name": "Submit #512802 | Open Source libzvbi 0.2.43 Integer Overflow -\u003e Heap Overflow (vbi_capture_sim_load_caption)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.512802"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-11T09:04:06.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2176",
    "datePublished": "2025-03-11T07:31:05.090Z",
    "dateReserved": "2025-03-10T17:27:04.908Z",
    "dateUpdated": "2025-03-11T15:21:26.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2175 (GCVE-0-2025-2175)

Vulnerability from cvelistv5 – Published: 2025-03-11 07:00 – Updated: 2025-03-11 17:13
Title
libzvbi _vbi_strndup_iconv integer overflow
Summary
A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. It affects the function _vbi_strndup_iconv. The manipulation leads to an integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 addresses this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very quickly and highly professionally.
CWE
Assigner
Impacted products
Vendor: n/a
Product: libzvbi
Versions:
Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Affected: 0.2.3
Affected: 0.2.4
Affected: 0.2.5
Affected: 0.2.6
Affected: 0.2.7
Affected: 0.2.8
Affected: 0.2.9
Affected: 0.2.10
Affected: 0.2.11
Affected: 0.2.12
Affected: 0.2.13
Affected: 0.2.14
Affected: 0.2.15
Affected: 0.2.16
Affected: 0.2.17
Affected: 0.2.18
Affected: 0.2.19
Affected: 0.2.20
Affected: 0.2.21
Affected: 0.2.22
Affected: 0.2.23
Affected: 0.2.24
Affected: 0.2.25
Affected: 0.2.26
Affected: 0.2.27
Affected: 0.2.28
Affected: 0.2.29
Affected: 0.2.30
Affected: 0.2.31
Affected: 0.2.32
Affected: 0.2.33
Affected: 0.2.34
Affected: 0.2.35
Affected: 0.2.36
Affected: 0.2.37
Affected: 0.2.38
Affected: 0.2.39
Affected: 0.2.40
Affected: 0.2.41
Affected: 0.2.42
Affected: 0.2.43
Credits
Yariv Nedivi (finder)
ninpwn (VulDB User) (reporter, analyst)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2175",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T17:11:46.051145Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T17:13:11.689Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libzvbi",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            },
            {
              "status": "affected",
              "version": "0.2.3"
            },
            {
              "status": "affected",
              "version": "0.2.4"
            },
            {
              "status": "affected",
              "version": "0.2.5"
            },
            {
              "status": "affected",
              "version": "0.2.6"
            },
            {
              "status": "affected",
              "version": "0.2.7"
            },
            {
              "status": "affected",
              "version": "0.2.8"
            },
            {
              "status": "affected",
              "version": "0.2.9"
            },
            {
              "status": "affected",
              "version": "0.2.10"
            },
            {
              "status": "affected",
              "version": "0.2.11"
            },
            {
              "status": "affected",
              "version": "0.2.12"
            },
            {
              "status": "affected",
              "version": "0.2.13"
            },
            {
              "status": "affected",
              "version": "0.2.14"
            },
            {
              "status": "affected",
              "version": "0.2.15"
            },
            {
              "status": "affected",
              "version": "0.2.16"
            },
            {
              "status": "affected",
              "version": "0.2.17"
            },
            {
              "status": "affected",
              "version": "0.2.18"
            },
            {
              "status": "affected",
              "version": "0.2.19"
            },
            {
              "status": "affected",
              "version": "0.2.20"
            },
            {
              "status": "affected",
              "version": "0.2.21"
            },
            {
              "status": "affected",
              "version": "0.2.22"
            },
            {
              "status": "affected",
              "version": "0.2.23"
            },
            {
              "status": "affected",
              "version": "0.2.24"
            },
            {
              "status": "affected",
              "version": "0.2.25"
            },
            {
              "status": "affected",
              "version": "0.2.26"
            },
            {
              "status": "affected",
              "version": "0.2.27"
            },
            {
              "status": "affected",
              "version": "0.2.28"
            },
            {
              "status": "affected",
              "version": "0.2.29"
            },
            {
              "status": "affected",
              "version": "0.2.30"
            },
            {
              "status": "affected",
              "version": "0.2.31"
            },
            {
              "status": "affected",
              "version": "0.2.32"
            },
            {
              "status": "affected",
              "version": "0.2.33"
            },
            {
              "status": "affected",
              "version": "0.2.34"
            },
            {
              "status": "affected",
              "version": "0.2.35"
            },
            {
              "status": "affected",
              "version": "0.2.36"
            },
            {
              "status": "affected",
              "version": "0.2.37"
            },
            {
              "status": "affected",
              "version": "0.2.38"
            },
            {
              "status": "affected",
              "version": "0.2.39"
            },
            {
              "status": "affected",
              "version": "0.2.40"
            },
            {
              "status": "affected",
              "version": "0.2.41"
            },
            {
              "status": "affected",
              "version": "0.2.42"
            },
            {
              "status": "affected",
              "version": "0.2.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yariv Nedivi"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "ninpwn (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "ninpwn (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in libzvbi bis 0.2.43 ausgemacht. Hierbei geht es um die Funktion _vbi_strndup_iconv. Durch Manipulation mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-189",
              "description": "Numeric Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T08:02:36.691Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-299204 | libzvbi _vbi_strndup_iconv integer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.299204"
        },
        {
          "name": "VDB-299204 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.299204"
        },
        {
          "name": "Submit #512801 | Open Source libzvbi 0.2.43 Integer Overflow -\u003e Heap Overflow (_vbi_strndup_iconv)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.512801"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-11T09:03:59.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "libzvbi _vbi_strndup_iconv integer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2175",
    "datePublished": "2025-03-11T07:00:09.753Z",
    "dateReserved": "2025-03-10T17:27:00.680Z",
    "dateUpdated": "2025-03-11T17:13:11.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2174 (GCVE-0-2025-2174)

Vulnerability from cvelistv5 – Published: 2025-03-11 06:31 – Updated: 2025-03-11 13:40
Title
libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow
Summary
A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to an integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professionally.
CWE
CWE-190 (Integer Overflow), CWE-189 (Numeric Error)
Assigner
VulDB
Impacted products
Vendor Product Version
n/a libzvbi Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Affected: 0.2.3
Affected: 0.2.4
Affected: 0.2.5
Affected: 0.2.6
Affected: 0.2.7
Affected: 0.2.8
Affected: 0.2.9
Affected: 0.2.10
Affected: 0.2.11
Affected: 0.2.12
Affected: 0.2.13
Affected: 0.2.14
Affected: 0.2.15
Affected: 0.2.16
Affected: 0.2.17
Affected: 0.2.18
Affected: 0.2.19
Affected: 0.2.20
Affected: 0.2.21
Affected: 0.2.22
Affected: 0.2.23
Affected: 0.2.24
Affected: 0.2.25
Affected: 0.2.26
Affected: 0.2.27
Affected: 0.2.28
Affected: 0.2.29
Affected: 0.2.30
Affected: 0.2.31
Affected: 0.2.32
Affected: 0.2.33
Affected: 0.2.34
Affected: 0.2.35
Affected: 0.2.36
Affected: 0.2.37
Affected: 0.2.38
Affected: 0.2.39
Affected: 0.2.40
Affected: 0.2.41
Affected: 0.2.42
Affected: 0.2.43
Credits
Yariv Nedivi (finder), ninpwn (VulDB User) (reporter, analyst)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2174",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T13:25:13.046485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T13:40:54.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libzvbi",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            },
            {
              "status": "affected",
              "version": "0.2.3"
            },
            {
              "status": "affected",
              "version": "0.2.4"
            },
            {
              "status": "affected",
              "version": "0.2.5"
            },
            {
              "status": "affected",
              "version": "0.2.6"
            },
            {
              "status": "affected",
              "version": "0.2.7"
            },
            {
              "status": "affected",
              "version": "0.2.8"
            },
            {
              "status": "affected",
              "version": "0.2.9"
            },
            {
              "status": "affected",
              "version": "0.2.10"
            },
            {
              "status": "affected",
              "version": "0.2.11"
            },
            {
              "status": "affected",
              "version": "0.2.12"
            },
            {
              "status": "affected",
              "version": "0.2.13"
            },
            {
              "status": "affected",
              "version": "0.2.14"
            },
            {
              "status": "affected",
              "version": "0.2.15"
            },
            {
              "status": "affected",
              "version": "0.2.16"
            },
            {
              "status": "affected",
              "version": "0.2.17"
            },
            {
              "status": "affected",
              "version": "0.2.18"
            },
            {
              "status": "affected",
              "version": "0.2.19"
            },
            {
              "status": "affected",
              "version": "0.2.20"
            },
            {
              "status": "affected",
              "version": "0.2.21"
            },
            {
              "status": "affected",
              "version": "0.2.22"
            },
            {
              "status": "affected",
              "version": "0.2.23"
            },
            {
              "status": "affected",
              "version": "0.2.24"
            },
            {
              "status": "affected",
              "version": "0.2.25"
            },
            {
              "status": "affected",
              "version": "0.2.26"
            },
            {
              "status": "affected",
              "version": "0.2.27"
            },
            {
              "status": "affected",
              "version": "0.2.28"
            },
            {
              "status": "affected",
              "version": "0.2.29"
            },
            {
              "status": "affected",
              "version": "0.2.30"
            },
            {
              "status": "affected",
              "version": "0.2.31"
            },
            {
              "status": "affected",
              "version": "0.2.32"
            },
            {
              "status": "affected",
              "version": "0.2.33"
            },
            {
              "status": "affected",
              "version": "0.2.34"
            },
            {
              "status": "affected",
              "version": "0.2.35"
            },
            {
              "status": "affected",
              "version": "0.2.36"
            },
            {
              "status": "affected",
              "version": "0.2.37"
            },
            {
              "status": "affected",
              "version": "0.2.38"
            },
            {
              "status": "affected",
              "version": "0.2.39"
            },
            {
              "status": "affected",
              "version": "0.2.40"
            },
            {
              "status": "affected",
              "version": "0.2.41"
            },
            {
              "status": "affected",
              "version": "0.2.42"
            },
            {
              "status": "affected",
              "version": "0.2.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yariv Nedivi"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "ninpwn (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "ninpwn (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional."
        },
        {
          "lang": "de",
          "value": "In libzvbi bis 0.2.43 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um die Funktion vbi_strndup_iconv_ucs2 der Datei src/conv.c. Durch die Manipulation des Arguments src_length mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ca1672134b3e2962cd392212c73f44f8f4cb489f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-189",
              "description": "Numeric Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T08:02:35.278Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-299203 | libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.299203"
        },
        {
          "name": "VDB-299203 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.299203"
        },
        {
          "name": "Submit #512800 | Open Source libzvbi 0.2.43 Integer Overflow -\u003e Heap Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.512800"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-11T09:03:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2174",
    "datePublished": "2025-03-11T06:31:06.971Z",
    "dateReserved": "2025-03-10T17:26:56.285Z",
    "dateUpdated": "2025-03-11T13:40:54.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2173 (GCVE-0-2025-2173)

Vulnerability from cvelistv5 – Published: 2025-03-11 06:31 – Updated: 2025-03-11 13:47
Title
libzvbi conv.c vbi_strndup_iconv_ucs2 uninitialized pointer
Summary
A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to an uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professionally.
CWE
CWE-824 (Uninitialized Pointer), CWE-908 (Uninitialized Resource)
Assigner
VulDB
Impacted products
Vendor Product Version
n/a libzvbi Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Affected: 0.2.3
Affected: 0.2.4
Affected: 0.2.5
Affected: 0.2.6
Affected: 0.2.7
Affected: 0.2.8
Affected: 0.2.9
Affected: 0.2.10
Affected: 0.2.11
Affected: 0.2.12
Affected: 0.2.13
Affected: 0.2.14
Affected: 0.2.15
Affected: 0.2.16
Affected: 0.2.17
Affected: 0.2.18
Affected: 0.2.19
Affected: 0.2.20
Affected: 0.2.21
Affected: 0.2.22
Affected: 0.2.23
Affected: 0.2.24
Affected: 0.2.25
Affected: 0.2.26
Affected: 0.2.27
Affected: 0.2.28
Affected: 0.2.29
Affected: 0.2.30
Affected: 0.2.31
Affected: 0.2.32
Affected: 0.2.33
Affected: 0.2.34
Affected: 0.2.35
Affected: 0.2.36
Affected: 0.2.37
Affected: 0.2.38
Affected: 0.2.39
Affected: 0.2.40
Affected: 0.2.41
Affected: 0.2.42
Affected: 0.2.43
Credits
ninpwn (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2173",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T13:46:53.127947Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T13:47:03.081Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libzvbi",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            },
            {
              "status": "affected",
              "version": "0.2.3"
            },
            {
              "status": "affected",
              "version": "0.2.4"
            },
            {
              "status": "affected",
              "version": "0.2.5"
            },
            {
              "status": "affected",
              "version": "0.2.6"
            },
            {
              "status": "affected",
              "version": "0.2.7"
            },
            {
              "status": "affected",
              "version": "0.2.8"
            },
            {
              "status": "affected",
              "version": "0.2.9"
            },
            {
              "status": "affected",
              "version": "0.2.10"
            },
            {
              "status": "affected",
              "version": "0.2.11"
            },
            {
              "status": "affected",
              "version": "0.2.12"
            },
            {
              "status": "affected",
              "version": "0.2.13"
            },
            {
              "status": "affected",
              "version": "0.2.14"
            },
            {
              "status": "affected",
              "version": "0.2.15"
            },
            {
              "status": "affected",
              "version": "0.2.16"
            },
            {
              "status": "affected",
              "version": "0.2.17"
            },
            {
              "status": "affected",
              "version": "0.2.18"
            },
            {
              "status": "affected",
              "version": "0.2.19"
            },
            {
              "status": "affected",
              "version": "0.2.20"
            },
            {
              "status": "affected",
              "version": "0.2.21"
            },
            {
              "status": "affected",
              "version": "0.2.22"
            },
            {
              "status": "affected",
              "version": "0.2.23"
            },
            {
              "status": "affected",
              "version": "0.2.24"
            },
            {
              "status": "affected",
              "version": "0.2.25"
            },
            {
              "status": "affected",
              "version": "0.2.26"
            },
            {
              "status": "affected",
              "version": "0.2.27"
            },
            {
              "status": "affected",
              "version": "0.2.28"
            },
            {
              "status": "affected",
              "version": "0.2.29"
            },
            {
              "status": "affected",
              "version": "0.2.30"
            },
            {
              "status": "affected",
              "version": "0.2.31"
            },
            {
              "status": "affected",
              "version": "0.2.32"
            },
            {
              "status": "affected",
              "version": "0.2.33"
            },
            {
              "status": "affected",
              "version": "0.2.34"
            },
            {
              "status": "affected",
              "version": "0.2.35"
            },
            {
              "status": "affected",
              "version": "0.2.36"
            },
            {
              "status": "affected",
              "version": "0.2.37"
            },
            {
              "status": "affected",
              "version": "0.2.38"
            },
            {
              "status": "affected",
              "version": "0.2.39"
            },
            {
              "status": "affected",
              "version": "0.2.40"
            },
            {
              "status": "affected",
              "version": "0.2.41"
            },
            {
              "status": "affected",
              "version": "0.2.42"
            },
            {
              "status": "affected",
              "version": "0.2.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ninpwn (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in libzvbi bis 0.2.43 ausgemacht. Es geht dabei um die Funktion vbi_strndup_iconv_ucs2 der Datei src/conv.c. Mit der Manipulation des Arguments src_length mit unbekannten Daten kann eine uninitialized pointer-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 8def647eea27f7fd7ad33ff79c2d6d3e39948dce bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "Uninitialized Pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-908",
              "description": "Uninitialized Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T06:31:05.166Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-299202 | libzvbi conv.c vbi_strndup_iconv_ucs2 uninitialized pointer",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.299202"
        },
        {
          "name": "VDB-299202 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.299202"
        },
        {
          "name": "Submit #512798 | Open Source libzvbi 0.2.43 Unitinialized Heap Read",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.512798"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/commit/8def647eea27f7fd7ad33ff79c2d6d3e39948dce"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-11T07:18:06.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "libzvbi conv.c vbi_strndup_iconv_ucs2 uninitialized pointer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2173",
    "datePublished": "2025-03-11T06:31:05.166Z",
    "dateReserved": "2025-03-10T17:26:53.636Z",
    "dateUpdated": "2025-03-11T13:47:03.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}