CVE-2025-0395

MEDIUM

GNU C Library <2.41 - Buffer Overflow

Title source: llm

Description

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

References (10)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html

[Patch] https://sourceware.org/bugzilla/show_bug.cgi?id=32582

[Patch] https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001

[Patch] https://sourceware.org/pipermail/libc-announce/2025/000044.html

[Mailing List] https://www.openwall.com/lists/oss-security/2025/01/22/4

[Mailing List] http://www.openwall.com/lists/oss-security/2025/01/22/4

[Mailing List] http://www.openwall.com/lists/oss-security/2025/01/23/2

[Mailing List] http://www.openwall.com/lists/oss-security/2025/04/13/1

[Mailing List] http://www.openwall.com/lists/oss-security/2025/04/24/7

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20250228-0006/

Scores

CVSS v3 6.2

EPSS 0.0007

EPSS Percentile 21.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-131

Status published

Products (1)

The GNU C Library/glibc 2.13 - 2.40

Published Jan 22, 2025

Tracked Since Feb 18, 2026