Out-of-Bounds Write Vulnerability in TA-Lib Affects Multiple Versions
CVE-2025-3017

4.8MEDIUM

Key Information:

Vendor
TA-Lib
Status
Ta-lib
Vendor
CVE Published:
31 March 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A significant out-of-bounds write vulnerability has been identified in TA-Lib, specifically affecting the setInputBuffer function within the ta_regtest component. This flaw allows unauthorized users to manipulate memory, potentially leading to data corruption or execution of arbitrary code. The vulnerability can be exploited locally, raising serious security concerns. A patch has been made available, and it is highly recommended that users update to the latest version to mitigate the risk.

Affected Version(s)

TA-Lib 0.6.0

TA-Lib 0.6.1

TA-Lib 0.6.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-3017 - Proof of Concept

References

https://vuldb.com/?id.302069
vdb-entrytechnical-description
https://vuldb.com/?ctiid.302069
signaturepermissions-required
https://vuldb.com/?submit.524603
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

tyy_qqq (VulDB User)
.