CVE-2025-71263

Description

In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

AT&T Bell Labs / UNIX4 – 4

References

MISChttps://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/
MISChttps://www.tuhs.org/pipermail/tuhs/2026-January/032991.html
MISChttps://discuss.systems/@ricci/115747843169814700
MISChttps://www.spinellis.gr/blog/20251223/