CVE-2025-3017 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-3017

CVE-2025-3017

March 31, 2025

A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5879180e9070ec35d52948f2f57519713256a0f1. It is recommended to apply a patch to fix this issue.

Related Resources (7)

https://github.com/TA-Lib/ta-lib/issues/61

https://vuldb.com/?id.302069

https://vuldb.com/?ctiid.302069

https://github.com/TA-Lib/ta-lib/pull/62

https://vuldb.com/?submit.524603

https://github.com/TA-Lib/ta-lib/commit/5879180e9070ec35d52948f2f57519713256a0f1

https://github.com/TA-Lib/ta-lib/issues/61#issue-2931609110

Do you need more information?

CVSS v4

Base Score:

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

CVSS v2

Base Score:

4.3

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Out-of-bounds Write

CWE-787

EPSS

Base Score:

0.07

Products

Solutions

Resources

Company

Compare

Developer Tools