VDB-303686 · CVE-2025-3408 · GCVE-100-303686

Nothings stb Dok f056911 stb_dupreplace Korupcija memorije

Identifikovana je ranjivost klasifikovana kao Kritične u Nothings stb Dok f056911. Obuhvaćeno je funkcija stb_dupreplace. Promena uzrokuje Korupcija memorije. Definisanje problema putem CWE vodi do CWE-190. Objava slabosti je izvršena 04/07/2025. Ova ranjivost je registrovana kao CVE-2025-3408. Napad se može izvesti na daljinu. Napad je moguć samo unutar lokalne mreže. Postoje tehnički detalji. Нема доступног експлоита. U ovom trenutku, trenutna cena za eksploataciju može iznositi oko USD $0-$5k. Klasifikovano je kao nije definisano. Kao 0-day, procenjuje se da je cena na ilegalnom tržištu bila oko $0-$5k. Proizvod koristi rolling release pristup za stalnu isporuku, zbog čega nisu dostupni detalji o verzijama pogođenih ili ažuriranih izdanja. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Promene · 94 Tačke podataka

Polje	Kreirali 04/07/2025 13:01	Ažurira 1/2 04/08/2025 15:23	Ažurira 2/2 10/16/2025 17:22
software_vendor	Nothings	Nothings	Nothings
software_name	stb	stb	stb
software_version	<=f056911	<=f056911	<=f056911
software_rollingrelease	1	1	1
software_function	stb_dupreplace	stb_dupreplace	stb_dupreplace
vulnerability_cwe	CWE-190 (Korupcija memorije)	CWE-190 (Korupcija memorije)	CWE-190 (Korupcija memorije)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rc	R	R	R
source_cve	CVE-2025-3408	CVE-2025-3408	CVE-2025-3408
cna_responsible	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	P	P	P
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss4_vuldb_e	X	X	X
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	7.1	7.1	7.1
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.1	6.1	6.1
cvss3_meta_basescore	6.3	6.3	7.1
cvss3_meta_tempscore	6.1	6.2	7.1
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	5.3	5.3	5.3
advisory_date	1743976800 (04/07/2025)	1743976800 (04/07/2025)	1743976800 (04/07/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
cve_nvd_summaryes		Se encontró una vulnerabilidad en Nothings stb hasta f056911. Se ha clasificado como crítica. Este problema afecta a la función stb_dupreplace. La manipulación provoca un desbordamiento de enteros. El ataque puede ejecutarse remotamente. Este producto utiliza un sistema de entrega continua con versiones progresivas. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las versiones actualizadas. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.	Se encontró una vulnerabilidad en Nothings stb hasta f056911. Se ha clasificado como crítica. Este problema afecta a la función stb_dupreplace. La manipulación provoca un desbordamiento de enteros. El ataque puede ejecutarse remotamente. Este producto utiliza un sistema de entrega continua con versiones progresivas. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las versiones actualizadas. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		P	P
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.3	5.3
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		R	R
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		7.5	7.5
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			8.8

◂ Prethodne Pregled Sledeжi ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!