A vulnerability (CVE-2025-5278) has been discovered in the sort utility from the GNU Coreutils package. It allows access to data outside a buffer boundary when sorting with the "+POS1[.C1][OPTS]" syntax, which selects the sort keys in the processed data. The problem is caused by an integer overflow (wraparound) in the begfield() function, which allows one byte of data outside the buffer to be read. The vulnerability can be used to cause abnormal termination of applications or to leak information from a process when an attacker is able to pass specially crafted sort parameters. The problem has been present since version 7.2 (2009), and a fix is available as a patch.
The problem can be reproduced by sorting a file containing the string "aa\nbb" with the command "./sort +0.18446744073709551615R poc_input.txt". For this reproduction, the sort utility must be compiled with Address Sanitizer enabled (option "-fsanitize=address").
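
The wraparound class described above, shown as an added illustration in C; it is not the coreutils source or its patch. The function names, the `demo_line` buffer and the modelling of pointers as integer addresses are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the first line of the "aa\nbb" input. */
static const char demo_line[] = "aa";

/* Signed distance from address p to address q, computed without overflow. */
static ptrdiff_t distance(uintptr_t p, uintptr_t q)
{
    return q >= p ? (ptrdiff_t)(q - p) : -(ptrdiff_t)(p - q);
}

/* Unchecked pattern: add the character offset first, clamp to the end of
   the line afterwards. The arithmetic is done on uintptr_t so that the
   wraparound is well defined in this demo. A huge offset wraps to an
   address below ptr, so the clamp never fires. Returns where the key
   would start, relative to ptr. */
static ptrdiff_t advance_unchecked(const char *ptr, const char *lim, size_t nchars)
{
    uintptr_t p = (uintptr_t)ptr, l = (uintptr_t)lim;
    uintptr_t q = p + nchars;      /* wraps for nchars close to SIZE_MAX */
    if (q > l)
        q = l;
    return distance(p, q);
}

/* Checked pattern: compare the offset with the bytes that remain before
   adding anything, so no intermediate value can wrap. */
static ptrdiff_t advance_checked(const char *ptr, const char *lim, size_t nchars)
{
    size_t remaining = (size_t)(lim - ptr);
    return (ptrdiff_t)(nchars < remaining ? nchars : remaining);
}

int main(void)
{
    const char *lim = demo_line + 2;
    size_t huge = SIZE_MAX;        /* 18446744073709551615 on 64-bit */

    printf("unchecked: key starts at offset %td\n", advance_unchecked(demo_line, lim, huge));
    printf("checked:   key starts at offset %td\n", advance_checked(demo_line, lim, huge));
    return 0;
}
```

With the maximum offset, the unchecked variant places the key start one byte before the line, while the checked variant stops at the end of the line.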

Source: opennet.ru
