← Back to CVEs
CVE-2025-0395
MEDIUM6.2
Description
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
CVE Details
CVSS v3.1 Score6.2
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published1/22/2025
Last Modified2/4/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-131
References
https://sourceware.org/bugzilla/show_bug.cgi?id=32582(3ff69d7a-14f2-4f67-a097-88dee7810d18)
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001(3ff69d7a-14f2-4f67-a097-88dee7810d18)
https://sourceware.org/pipermail/libc-announce/2025/000044.html(3ff69d7a-14f2-4f67-a097-88dee7810d18)
https://www.openwall.com/lists/oss-security/2025/01/22/4(3ff69d7a-14f2-4f67-a097-88dee7810d18)
http://www.openwall.com/lists/oss-security/2025/01/22/4(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/01/23/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/13/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/24/7(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20250228-0006/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.