CVE-2025-29481

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-29481
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-29481.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-29481
Aliases
Downstream
Published
2025-04-07T20:15:20.720Z
Modified
2026-03-13T07:59:29.243541Z
Severity
  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpfobjectinitprog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."

References

Affected packages

Git / github.com/libbpf/libbpf

Affected ranges

Type
GIT
Repo
https://github.com/libbpf/libbpf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
09b9e83102eb8ab9e540d36b4559c55f3bcdb95d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0"
        }
    ]
}

Affected versions

v0.*
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.2
v0.3
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-29481.json"