{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/441887#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nDuc, an open-source disk management tool, contains a stack-based buffer overflow vulnerability allowing an out-of-bounds memory read. An attacker can exploit this vulnerability through malformed input data to cause the tool to crash or to disclose portions of memory that should remain inaccessible. The vulnerability, tracked as CVE-2025-13654, has been patched in version 1.4.6 of Duc. In an enterprise setting, disk indexing tools that use Duc may be susceptible to crashes, data exposure, or other abnormal behavior if they process attacker-controlled input.\r\n\r\n### Description\r\n\r\nDuc is an open-source disk management tool. It can be used to index, inspect and visualize disk usage. Duc is intended for Linux operating systems. The tool maintains a database of the files it indexes, which can be queried or used to create graphs detailing where the files are.\r\n\r\nA stack-based buffer overflow vulnerability, tracked as CVE-2025-13654, has been discovered in Duc. An attacker who can supply crafted input to the tool may trigger an out-of-bounds read, leading to a crash or unintended disclosure of adjacent stack data.\r\n\r\nIn the Duc software library, the code in buffer.c contains a function called buffer_get. Its length check uses unsigned subtraction, which can wrap on crafted input and result in memcpy() performing an out-of-bounds read.\r\n\r\n### Impact\r\nAn attacker able to send input data to a database or other input stream that uses Duc could cause a crash or information leak.\r\n\r\n### Solution\r\nVersion 1.4.6 of Duc, released on [GitHub](https://github.com/zevv/duc/releases/tag/1.4.6), fixes this vulnerability. Users should update to the latest version as soon as possible. All versions prior to 1.4.6 are considered to be affected.\r\n\r\n### Acknowledgements\r\nThanks to the reporter, HackingByDoing (hackingbydoing@proton.me). This document was written by Christopher Cullen.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/441887"},{"url":"https://github.com/zevv/duc/releases/tag/1.4.6","summary":"https://github.com/zevv/duc/releases/tag/1.4.6"},{"url":"https://hackingbydoing.wixsite.com/hackingbydoing/post/stack-buffer-overflow-in-duc","summary":"https://hackingbydoing.wixsite.com/hackingbydoing/post/stack-buffer-overflow-in-duc"}],"title":"Duc contains a stack buffer overflow vulnerability in the buffer_get function, allowing for out-of-bounds memory read","tracking":{"current_release_date":"2025-12-09T15:03:32+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#441887","initial_release_date":"2025-12-05 12:41:58.564271+00:00","revision_history":[{"date":"2025-12-09T15:03:32+00:00","number":"1.20251209150332.2","summary":"Released on 2025-12-09T15:03:32+00:00"}],"status":"final","version":"1.20251209150332.2"}},"vulnerabilities":[{"title":"A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.","notes":[{"category":"summary","text":"A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read."}],"cve":"CVE-2025-13654","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#441887"}],"product_status":{"known_affected":["CSAFPID-7ac09b80-34db-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"Duc","product":{"name":"Duc Products","product_id":"CSAFPID-7ac09b80-34db-11f1-8422-122e2785dc9f"}}]}}