CVE-2025-15281
HIGHglibc 2.0-2.42 - Use of Uninitialized Resource in wordexp with WRDE_REUSE and WRDE_APPEND
Title source: llmDescription
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
References (2)
Core 2
Core References
Issue Tracking, Patch
https://sourceware.org/bugzilla/show_bug.cgi?id=33814
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/01/20/3
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
20.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-908
Status
published
Products (1)
gnu/glibc
2.0 - 2.43
Published
Jan 20, 2026
Tracked Since
Feb 18, 2026