CVE-2025-6499

A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
vstakhovlibucl
𝑥
≤ 0.9.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/user-attachments/files/19825399/libucl_crash.txt
https://github.com/vstakhov/libucl/issues/319
https://vuldb.com/?ctiid.313615
https://vuldb.com/?id.313615
https://vuldb.com/?submit.601011
https://github.com/vstakhov/libucl/issues/319