{
  "threat_severity" : "Low",
  "public_date" : "2026-01-20T13:22:46Z",
  "bugzilla" : {
    "description" : "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory",
    "id" : "2431196",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2431196"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-908",
  "details" : [ "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service." ],
  "statement" : "To exploit this issue, an attacker needs to find an application linked to the glibc library that is using the wordexp function with the flags WRDE_REUSE and WRDE_APPEND. Also, calls to wordexp using both flags never worked correctly and thus the existence of applications that make use of this feature is unlikely. There is no known application vulnerable to this issue.\nFurthermore, this flaw will result in a denial of service with no other security impact.\nDue to these reasons, this vulnerability has been rated with a low severity.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-03-17T00:00:00Z",
    "advisory" : "RHSA-2026:4772",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "glibc-0:2.28-251.el8_10.31"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-03-17T00:00:00Z",
    "advisory" : "RHSA-2026:4772",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "glibc-0:2.28-251.el8_10.31"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2786",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "glibc-0:2.34-231.el9_7.10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2786",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "glibc-0:2.34-231.el9_7.10"
  }, {
    "product_name" : "Cost Management 4",
    "release_date" : "2026-02-24T00:00:00Z",
    "advisory" : "RHSA-2026:3228",
    "cpe" : "cpe:/a:redhat:cost_management:4::el9",
    "package" : "costmanagement/costmanagement-metrics-rhel9-operator:sha256:1dd05671a8614a4354d9ebf94673f9e1bfd7a38af7052c2a4b9a25264f3ee4e1"
  }, {
    "product_name" : "Red Hat Ceph Storage 8",
    "release_date" : "2026-03-24T00:00:00Z",
    "advisory" : "RHSA-2026:5606",
    "cpe" : "cpe:/a:redhat:ceph_storage:8::el9",
    "package" : "rhceph/rhceph-8-rhel9:sha256:1160569002c25d3d349bbe41b57eeffade438853d3419edca01813227440f414"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2026-03-12T00:00:00Z",
    "advisory" : "RHSA-2026:4501",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-server-rhel9:sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2026-03-12T00:00:00Z",
    "advisory" : "RHSA-2026:4501",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-ui-rhel9:sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5"
  }, {
    "product_name" : "Red Hat Insights proxy 1.5",
    "release_date" : "2026-03-16T00:00:00Z",
    "advisory" : "RHSA-2026:4655",
    "cpe" : "cpe:/a:redhat:insights_proxy:1.5::el9",
    "package" : "insights-proxy/insights-proxy-container-rhel9:sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/cds-rhel9:sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/haproxy-rhel9:sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/installer-rhel9:sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7f"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/rhua-rhel9:sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-15281\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15281\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=33814" ],
  "name" : "CVE-2025-15281",
  "mitigation" : {
    "value" : "To mitigate this issue, consider refactoring the use of the wordexp function to not use the WRDE_REUSE and WRDE_APPEND flags together.",
    "lang" : "en:us"
  },
  "csaw" : false
}