CVE-2025-2177 — Vulnetix

CVE-2025-2177 PUBLISHED CVSS 6.900000095367432 MEDIUM

A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

EPSS 0.08% · 22.7th percentile

Risk Scores

CVSS 4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS Score

0.08%

22.7th percentile

Affected Products

Vendor	Product	Versions
n/a	libzvbi	0.2.42, 0.2.0, 0.2.1
zapping-vbi	zvbi	0

Exploit Intelligence

CIRCL seen: CVE-2025-2177 (circl-sighting)
CIRCL seen: CVE-2025-2177 (circl-sighting)
VDB-299206 | libzvbi search.c vbi_search_new integer overflow (circl)
VDB-299206 | CTI Indicators (IOB, IOC, IOA) (circl)
Submit #512803 | Open Source libzvbi 0.2.43 Integer Overflow -> Heap Overflow (vbi_search_new) (circl)
https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf (circl)
https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f (circl)
https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44 (circl)

Timeline

Mar 11, 2025 CVE Published
Mar 11, 2025 CVE Updated
Mar 12, 2025 EPSS Score
Mar 18, 2025 Coalition ESS Score
Mar 26, 2025 EPSS Score
Apr 8, 2025 EPSS Score
Apr 22, 2025 EPSS Score
May 5, 2025 EPSS Score
May 19, 2025 EPSS Score
Jun 2, 2025 EPSS Score
Jun 15, 2025 EPSS Score
Jun 29, 2025 EPSS Score

References

Open in Interactive Console →