CVE-2025-14310
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-14310, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-07-06
AI Q&A
2025-12-09
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
rethinkdb rethinkdb *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a classic buffer overflow in rethinkdb versions before 2.4.4, caused by copying data into a buffer without checking the size of the input. This can lead to memory corruption and potentially allow an attacker to execute arbitrary code or cause a denial of service.

Impact Analysis

The vulnerability can lead to severe impacts including unauthorized code execution, system crashes, or denial of service, potentially compromising the security and availability of systems running affected versions of rethinkdb.

Detection Guidance

Detection of this vulnerability involves monitoring for malformed JSON input containing UTF-16 surrogate pairs that could trigger the buffer overflow in the parse_string function. You can inspect logs for crashes or memory corruption related to JSON parsing in rethinkdb. Additionally, fuzz testing JSON inputs with UTF-16 surrogate pairs against your rethinkdb instance may help detect the vulnerability. Specific commands are not provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade rethinkdb to version 2.4.4 or later, where the vulnerability has been fixed by adding proper bounds checking, Unicode validation, improved memory management, and enhanced error handling in the JSON parsing code. Applying the patch from the linked pull request or updating to the fixed version will prevent exploitation. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14310. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart