DEBIAN-CVE-2025-29481
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-29481
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-29481.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-29481
- Upstream
- Published
- 2025-04-07T20:15:20.720Z
- Modified
- 2026-03-11T07:37:51.126644Z
- Severity
-
- 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpfobjectinitprog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."
- References
Affected packages
Debian:11 / libbpf
Package
- Name
- libbpf
- Purl
- pkg:deb/debian/libbpf?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.3-2
0.3-2+deb11u1
0.4.0-1
0.4.0-2
0.5.0-1~bpo11+1
0.5.0-1
0.6.0-1
0.6.1-1
0.7.0-1
0.7.0-2~bpo11+1
0.7.0-2
0.8.0-1
1.*
1.0.0-1
1.0.1-1
1.0.1-2
1.1.0-1
1.2.0-1
1.2.2-1
1.2.2-2
1.3.0-1
1.3.0-2
1.4.1-1
1.4.2-1
1.4.3-1
1.4.5-1
1.4.6-1~bpo12+1
1.4.6-1
1.5.0-1~exp1
1.5.0-1
1.5.0-2~exp1
1.5.0-2
1.5.0-3
1.6.1-1~exp1
1.6.1-1
1.6.2-1
1.6.3-1~exp1
Debian:12 / libbpf
Package
- Name
- libbpf
- Purl
- pkg:deb/debian/libbpf?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / libbpf
Package
- Name
- libbpf
- Purl
- pkg:deb/debian/libbpf?arch=source
Debian:14 / libbpf
Package
- Name
- libbpf
- Purl
- pkg:deb/debian/libbpf?arch=source