{
  "threat_severity" : "Moderate",
  "public_date" : "2025-01-22T13:11:30Z",
  "bugzilla" : {
    "description" : "glibc: buffer overflow in the GNU C Library's assert()",
    "id" : "2339460",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2339460"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-131",
  "details" : [ "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior." ],
  "statement" : "The bug is in the glibc assert() function, which is typically used to identify logic errors in programs. The specific vulnerability stems from not enough space being allocated to fit an arbitrary-length error message that is passed to the assert() function. The lack of any check on the string length causes the buffer overflow.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-04-14T00:00:00Z",
    "advisory" : "RHSA-2025:3828",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "glibc-0:2.28-251.el8_10.16"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-04-14T00:00:00Z",
    "advisory" : "RHSA-2025:3828",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "glibc-0:2.28-251.el8_10.16"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4244",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "glibc-0:2.34-125.el9_5.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4244",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "glibc-0:2.34-125.el9_5.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4242",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "glibc-0:2.34-28.el9_0.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4241",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "glibc-0:2.34-60.el9_2.17"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4243",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "glibc-0:2.34-100.el9_4.10"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-0395\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0395\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=32582" ],
  "name" : "CVE-2025-0395",
  "csaw" : false
}