{"vulnerability": "cve-2025-2174", "sightings": [{"uuid": "29fb46b1-72c9-4a11-9756-5a4759c90106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21746", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5667", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21746\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nInput: synaptics - fix crash when enabling pass-through port\n\nWhen enabling a pass-through port an interrupt might come before psmouse\ndriver binds to the pass-through port. However synaptics sub-driver\ntries to access psmouse instance presumably associated with the\npass-through port to figure out if only 1 byte of response or entire\nprotocol packet needs to be forwarded to the pass-through port and may\ncrash if psmouse instance has not been attached to the port yet.\n\nFix the crash by introducing open() and close() methods for the port and\ncheck if the port is open before trying to access psmouse instance.\nBecause psmouse calls serio_open() only after attaching psmouse instance\nto serio port instance this prevents the potential crash.\n\ud83d\udccf Published: 2025-02-27T02:12:18.477Z\n\ud83d\udccf Modified: 2025-02-27T12:57:21.496Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a2cbcd70133dc0d4d4c95ad4cd5412b935354c7c\n2. https://git.kernel.org/stable/c/3e179d3f1ada963475395d81bfe91daef4d1a24c\n3. https://git.kernel.org/stable/c/87da1ea93ec9f9f0004e5b12e78789bc94e360bf\n4. https://git.kernel.org/stable/c/08bd5b7c9a2401faabdaa1472d45c7de0755fd7e", "creation_timestamp": "2025-02-27T13:27:33.000000Z"}, {"uuid": "a21bc2c6-0885-4742-a17d-02b29033d5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21745", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "195ca1f1-f948-4c25-a44c-3ec45b45e201", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21743", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114074545563739545", "content": "", "creation_timestamp": "2025-02-27T06:57:08.647542Z"}, {"uuid": "57a53c2f-3ddc-4127-93b4-e98c0d2847a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2174", "type": "seen", "source": "https://t.me/cvedetector/20038", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2174 - Libzvbi Integer Overflow Remote Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2174 \nPublished : March 11, 2025, 7:15 a.m. | 46\u00a0minutes ago \nDescription : A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T09:15:43.000000Z"}, {"uuid": "533e879e-ee79-4e4f-8a08-26dd1ef0bf3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2174", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7115", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2174\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.\n\ud83d\udccf Published: 2025-03-11T06:31:06.971Z\n\ud83d\udccf Modified: 2025-03-11T06:31:06.971Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299203\n2. https://vuldb.com/?ctiid.299203\n3. https://vuldb.com/?submit.512800\n4. https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf\n5. https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f\n6. https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44", "creation_timestamp": "2025-03-11T07:39:46.000000Z"}]}