{"id":"CVE-2025-2588","summary":"Hercules Augeas fa.c re_case_expand null pointer dereference","details":"A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.","modified":"2026-05-28T03:55:37.311353250Z","published":"2025-03-21T12:00:10.758Z","related":["CGA-64r7-hw42-hj5q","SUSE-SU-2025:01534-1","SUSE-SU-2025:01754-1","SUSE-SU-2025:01763-1","SUSE-SU-2025:1413-1","SUSE-SU-2025:1534-1","SUSE-SU-2025:20345-1","SUSE-SU-2025:20415-1","openSUSE-SU-2025:15021-1"],"database_specific":{"cwe_ids":["CWE-404","CWE-476"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2588.json","cna_assigner":"VulDB"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2588.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2588"},{"type":"ADVISORY","url":"https://vuldb.com/?id.300568"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.517281"},{"type":"REPORT","url":"https://github.com/hercules-team/augeas/issues/852"},{"type":"REPORT","url":"https://github.com/hercules-team/augeas/issues/852#issue-2905999609"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.300568"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hercules-team/augeas","events":[{"introduced":"0"},{"last_affected":"b993ce902243a6d7b607c3895b4f67789d69e245"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.14.1"}],"source":"AFFECTED_FIELD"}}],"versions":["release-1.14.1","release-1.14.0","release-1.13.0","release-1.12.0","release-1.11.0","release-1.10.1","release-1.10.0","release-1.9.0","release-1.8.0","release-1.7.0","release-1.6.0","release-1.5.0","release-1.4.0","release-1.3.0","release-1.1.0","release-1.2.0","release-1.0.0","release-0.10.0","release-0.9.0","release-0.8.1","release-0.8.0","release-0.7.4","release-0.7.3","release-0.7.2","release-0.7.1","release-0.7.0","release-0.6.0","release-0.5.3","bug-79","bug-78","release-0.5.2","release-0.5.1","release-0.5.0","release-0.4.2","release-0.4.1","release-0.4.0","release-0.3.6","release-0.3.5","release-0.3.4","release-0.3.3","release-0.3.2","bug/26","bug/17","hg-to-git-conversion","release-0.3.1","release-0.3.0","release-0.2.2","release-0.2.1","release-0.2.0","release-0.1.1","release-0.1.0","release-0.0.8","ml-syntax-start","release-0.0.7","release-0.0.6","release-0.0.5","release-0.0.4","release-0.0.3","release-0.0.2","remove-any-first-follow","snapshot-1","release-0.0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2588.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}]}