CVE-2025-13601

HIGH

Red Hat CodeReady Linux Builder - Heap-Based Buffer Overflow via g_escape_uri_string()

Title source: llm
STIX 2.1

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

References (33)

Core 33
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:0975
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:0991
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1323
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1324
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1326
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1327
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1465
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1608
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1624
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1625
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1626
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1627
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1652
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1736
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:18344
https://access.redhat.com/errata/RHSA-2026:18344
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:18705
https://access.redhat.com/errata/RHSA-2026:18705
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2064
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2072
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2485
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2563
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2633
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2659
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2671
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2974
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:3415
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:4419
https://access.redhat.com/errata/RHSA-2026:4419
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-13601
Issue Tracking, Vendor Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2416741
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:7461
https://access.redhat.com/errata/RHSA-2026:7461
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:0936

Scores

CVSS v3 7.7
EPSS 0.0027
EPSS Percentile 19.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-190
Status published
Products (50)
gnome/glib < 2.86.3
Red Hat/Red Hat Ceph Storage 8 1769512383
Red Hat/Red Hat Ceph Storage 8 sha256:09aaeba975aa74bdf95d63e5619c0cabb1cd9e1410aa34e7f8ecf24a5e291d1a
Red Hat/Red Hat Ceph Storage 8 sha256:9e4f3ffb68eae556a6d34426903430173e4563eea3ea5d6720ce9b5b43c2dbda
Red Hat/Red Hat Discovery 2 1769104765
Red Hat/Red Hat Discovery 2 1769111774
Red Hat/Red Hat Discovery 2 sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6
Red Hat/Red Hat Discovery 2 sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd
Red Hat/Red Hat Discovery 2 sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8
Red Hat/Red Hat Enterprise Linux 10
... and 40 more
Published Nov 26, 2025
Tracked Since Feb 18, 2026