CVE-2025-14310
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14310
EUVD
EUVD-2025-201904
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rethinkdb rethinkdb *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a classic buffer overflow in rethinkdb versions before 2.4.4, caused by copying data into a buffer without checking the size of the input. This can lead to memory corruption and potentially allow an attacker to execute arbitrary code or cause a denial of service.

Impact Analysis

The vulnerability can lead to severe impacts including unauthorized code execution, system crashes, or denial of service, potentially compromising the security and availability of systems running affected versions of rethinkdb.

Detection Guidance

Detection of this vulnerability involves monitoring for malformed JSON input containing UTF-16 surrogate pairs that could trigger the buffer overflow in the parse_string function. You can inspect logs for crashes or memory corruption related to JSON parsing in rethinkdb. Additionally, fuzz testing JSON inputs with UTF-16 surrogate pairs against your rethinkdb instance may help detect the vulnerability. Specific commands are not provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade rethinkdb to version 2.4.4 or later, where the vulnerability has been fixed by adding proper bounds checking, Unicode validation, improved memory management, and enhanced error handling in the JSON parsing code. Applying the patch from the linked pull request or updating to the fixed version will prevent exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14310. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart