{
  "threat_severity" : "Moderate",
  "public_date" : "2025-02-19T07:01:22Z",
  "bugzilla" : {
    "description" : "iniparser: Heap Overflow in iniparser.c",
    "id" : "2346474",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2346474"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-122",
  "details" : [ "Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory", "A flaw was found in iniparser. This vulnerability allows an attacker to read out-of-bound memory via iniparser_dumpsection_ini()." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "iniparser",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "iniparser",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-0633\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0633\nhttps://gitlab.com/iniparser/iniparser/-/issues/177" ],
  "name" : "CVE-2025-0633",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}