In a recent development, a vulnerability has been exposed in the Sort utility, a component of the GNU Coreutils package. The vulnerability, identified as CVE-2025-5278, causes data to exceed the buffer limits during the sorting process when using the syntax “+POS1 [.C1] [OPTS]” to select sorted keys within processed data.
This issue is a result of an integer overflow, specifically in the Begfield() function, leading to the ability to read one byte of data outside the buffer’s boundaries. Exploiting this vulnerability has the potential to trigger abnormal termination of applications or leak information from the process if attackers manipulate sorting parameters in a certain way. The flaw has been identified in versions from 7.2 (2009) onwards and has been addressed through patches.
These details have surfaced following attempts to reproduce the issue by sorting a file containing the command “aa nb /sort +0.18446744073709551615R poc_input.txt.” A visual representation of the vulnerability can be seen below:
