CVE-2025-51823

Published: Aug 11, 2025Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Exploitability: 2.2 / Impact: 4.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member (ctx->name) without validating the input length.

Affected (1)

Products: Libcsp: Libcsp

Libcsp

1 product

Libcsp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libcsp Libcsp	Version 2.0

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://github.com/libcsp/libcsp/issues/850

Source: cve@mitre.org

Third Party Advisory

https://github.com/libcsp/libcsp/pull/852

Source: cve@mitre.org

Patch

Timeline

No history available yet.