{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3017", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-31T05:42:40.877Z", "datePublished": "2025-03-31T21:31:10.492Z", "dateUpdated": "2025-04-01T20:06:50.627Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-31T21:31:10.492Z"}, "title": "TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "Out-of-bounds Write"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "TA-Lib", "versions": [{"version": "0.6.0", "status": "affected"}, {"version": "0.6.1", "status": "affected"}, {"version": "0.6.2", "status": "affected"}, {"version": "0.6.3", "status": "affected"}, {"version": "0.6.4", "status": "affected"}], "modules": ["ta_regtest"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5879180e9070ec35d52948f2f57519713256a0f1. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Eine Schwachstelle wurde in TA-Lib bis 0.6.4 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion setInputBuffer der Datei src/tools/ta_regtest/ta_test_func/test_minmax.c der Komponente ta_regtest. Durch das Beeinflussen mit unbekannten Daten kann eine out-of-bounds write-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 5879180e9070ec35d52948f2f57519713256a0f1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2025-03-31T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-31T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-31T07:47:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "tyy_qqq (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.302069", "name": "VDB-302069 | TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.302069", "name": "VDB-302069 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.524603", "name": "Submit #524603 | TA-Lib Project ta-lib 0.6.4 Out-of-bounds Write", "tags": ["third-party-advisory"]}, {"url": "https://github.com/TA-Lib/ta-lib/issues/61", "tags": ["issue-tracking"]}, {"url": "https://github.com/TA-Lib/ta-lib/pull/62", "tags": ["issue-tracking"]}, {"url": "https://github.com/TA-Lib/ta-lib/issues/61#issue-2931609110", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/TA-Lib/ta-lib/commit/5879180e9070ec35d52948f2f57519713256a0f1", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-01T20:06:42.580044Z", "id": "CVE-2025-3017", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T20:06:50.627Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-01T20:06:42.580044Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T20:06:45.619Z"}}], "cna": {"title": "TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write", "credits": [{"lang": "en", "type": "reporter", "value": "tyy_qqq (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "n/a", "modules": ["ta_regtest"], "product": "TA-Lib", "versions": [{"status": "affected", "version": "0.6.0"}, {"status": "affected", "version": "0.6.1"}, {"status": "affected", "version": "0.6.2"}, {"status": "affected", "version": "0.6.3"}, {"status": "affected", "version": "0.6.4"}]}], "timeline": [{"lang": "en", "time": "2025-03-31T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-31T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-31T07:47:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.302069", "name": "VDB-302069 | TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.302069", "name": "VDB-302069 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.524603", "name": "Submit #524603 | TA-Lib Project ta-lib 0.6.4 Out-of-bounds Write", "tags": ["third-party-advisory"]}, {"url": "https://github.com/TA-Lib/ta-lib/issues/61", "tags": ["issue-tracking"]}, {"url": "https://github.com/TA-Lib/ta-lib/pull/62", "tags": ["issue-tracking"]}, {"url": "https://github.com/TA-Lib/ta-lib/issues/61#issue-2931609110", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/TA-Lib/ta-lib/commit/5879180e9070ec35d52948f2f57519713256a0f1", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5879180e9070ec35d52948f2f57519713256a0f1. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Eine Schwachstelle wurde in TA-Lib bis 0.6.4 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion setInputBuffer der Datei src/tools/ta_regtest/ta_test_func/test_minmax.c der Komponente ta_regtest. Durch das Beeinflussen mit unbekannten Daten kann eine out-of-bounds write-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 5879180e9070ec35d52948f2f57519713256a0f1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-31T21:31:10.492Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3017", "state": "PUBLISHED", "dateUpdated": "2025-04-01T20:06:50.627Z", "dateReserved": "2025-03-31T05:42:40.877Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-31T21:31:10.492Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5879180e9070ec35d52948f2f57519713256a0f1. It is recommended to apply a patch to fix this issue."}], "id": "CVE-2025-3017", "lastModified": "2025-04-01T20:26:22.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-03-31T22:15:22.807", "references": [{"source": "[email protected]", "url": "https://github.com/TA-Lib/ta-lib/commit/5879180e9070ec35d52948f2f57519713256a0f1"}, {"source": "[email protected]", "url": "https://github.com/TA-Lib/ta-lib/issues/61"}, {"source": "[email protected]", "url": "https://github.com/TA-Lib/ta-lib/issues/61#issue-2931609110"}, {"source": "[email protected]", "url": "https://github.com/TA-Lib/ta-lib/pull/62"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.302069"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.302069"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.524603"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Primary"}]}

{}