CVE-2025-13425

Published November 20th, 2025

View on NVD ↗

CVSS v3

N/A

CVSS v2

N/A

Affected

PROJECT

Description

A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR.

google/osv-scalibr

OSV-SCALIBR: A library for Software Composition Analysis

GitHub

606