CVE-2025-51823
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-14
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libcsp | libcsp | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-51823 is a heap-based buffer overflow vulnerability in the libcsp project's csp_eth_init function. The issue occurs because the function uses the unsafe strcpy function to copy the network interface name (ifname) into a fixed-size buffer (ctx->name) without checking the input length. If the input string exceeds the buffer size, it causes a heap overflow, leading to memory corruption and security risks. This vulnerability was reintroduced by replacing a previously safe strncpy call with strcpy. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to heap-based buffer overflow, which may cause memory corruption, program crashes, or potentially allow an attacker to execute arbitrary code. Exploiting this flaw could compromise the security and stability of systems using the affected libcsp version, potentially leading to unauthorized access or denial of service. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for heap-buffer-overflow errors related to the libcsp process, especially during initialization of network interfaces. Using AddressSanitizer (ASAN) during testing or runtime can reveal heap-buffer-overflow errors triggered by the unsafe strcpy call in csp_eth_init. To detect it on your system, you can run libcsp with ASAN enabled and look for errors indicating overflow in csp_eth_init. Additionally, checking the length of interface names passed to libcsp and verifying if they exceed the maximum allowed length (CSP_IFLIST_NAME_MAX) can help identify potential triggers. Specific commands include running the libcsp binary under ASAN, for example: `ASAN_OPTIONS=detect_heap_buffer_overflow=1 ./libcsp_binary` and monitoring logs for heap-buffer-overflow errors referencing csp_eth_init. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, update libcsp to the fixed version where the unsafe strcpy call in csp_eth_init is replaced with a safe strncpy call that limits the copied bytes to the buffer size (sizeof(ctx->name) - 1). This patch prevents buffer overflow by enforcing input length checks. If updating is not immediately possible, ensure that the interface names passed to libcsp do not exceed the maximum allowed length (CSP_IFLIST_NAME_MAX) to avoid triggering the overflow. Avoid using or deploying versions of libcsp that contain the unsafe strcpy call. Applying the patch merged on July 19, 2025, is the recommended fix. [1]
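As an added illustration of the pattern the answers above describe (this is not libcsp's own code), the following shows the unbounded strcpy left as a comment beside the bounded strncpy form and a pre-check for overlong interface names. The struct, the function names and the value of CSP_IFLIST_NAME_MAX are assumptions made for the example.

```c
/* Added example, not libcsp's own code: the copy pattern described for
 * csp_eth_init, writing ifname into a fixed-size ctx->name. The struct,
 * function names and the value of CSP_IFLIST_NAME_MAX are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CSP_IFLIST_NAME_MAX 10   /* assumed size, for illustration only */

typedef struct {
    char name[CSP_IFLIST_NAME_MAX];
} eth_ctx_t;

/* Vulnerable pattern (CWE-120), kept as a comment on purpose: nothing
 * bounds the source, so an overlong ifname writes past ctx->name:
 *     strcpy(ctx->name, ifname);                                    */

/* Hardened form matching the described fix: bound the copy to
 * sizeof(ctx->name) - 1 and always NUL-terminate. Returns false when the
 * name had to be truncated so the caller can treat it as a bad input. */
bool eth_ctx_set_name(eth_ctx_t *ctx, const char *ifname) {
    strncpy(ctx->name, ifname, sizeof(ctx->name) - 1);
    ctx->name[sizeof(ctx->name) - 1] = '\0';
    return strlen(ifname) < sizeof(ctx->name);
}

/* Pre-check from the detection answer: an interface name fits only if a
 * NUL appears within the first CSP_IFLIST_NAME_MAX bytes. Reads no
 * further than that, so it is safe on unterminated input too. */
bool ifname_fits(const char *ifname) {
    for (size_t i = 0; i < CSP_IFLIST_NAME_MAX; i++)
        if (ifname[i] == '\0') return true;
    return false;
}

int main(void) {
    const char *names[] = { "eth0", "enp0s31f6-long" };  /* constructed */
    eth_ctx_t *ctx = calloc(1, sizeof(*ctx));  /* heap object, like ctx */
    if (!ctx) return 1;
    for (size_t i = 0; i < 2; i++) {
        bool fits = ifname_fits(names[i]);
        bool whole = eth_ctx_set_name(ctx, names[i]);
        printf("%-15s fits=%d copied_whole=%d stored=\"%s\"\n",
               names[i], fits, whole, ctx->name);
    }
    free(ctx);
    return 0;
}
```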