CVE-2025-0395

MEDIUM

GNU C Library <2.41 - Buffer Overflow

Title source: llm

Description

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

References (12)

Core 12

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html

Mailing List

http://www.openwall.com/lists/oss-security/2025/01/22/4

Mailing List

http://www.openwall.com/lists/oss-security/2025/01/23/2

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/13/1

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/24/7

Vendor Advisory

https://security.netapp.com/advisory/ntap-20250228-0006/

Mailing List

https://www.openwall.com/lists/oss-security/2025/01/22/4

Patch

https://sourceware.org/bugzilla/show_bug.cgi?id=32582

Patch

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001

Patch

https://sourceware.org/pipermail/libc-announce/2025/000044.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-398330.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-577017.html

Scores

CVSS v3 6.2

EPSS 0.0034

EPSS Percentile 25.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-131

Status published

Products (1)

The GNU C Library/glibc 2.13 - 2.40

Published Jan 22, 2025

Tracked Since Feb 18, 2026