← Voltar para CVEs
CVE-2025-0395
MEDIUM6.2
Descricao
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
Detalhes CVE
Pontuacao CVSS v3.16.2
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/22/2025
Ultima modificacao2/4/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-131
Referencias
https://sourceware.org/bugzilla/show_bug.cgi?id=32582(3ff69d7a-14f2-4f67-a097-88dee7810d18)
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001(3ff69d7a-14f2-4f67-a097-88dee7810d18)
https://sourceware.org/pipermail/libc-announce/2025/000044.html(3ff69d7a-14f2-4f67-a097-88dee7810d18)
https://www.openwall.com/lists/oss-security/2025/01/22/4(3ff69d7a-14f2-4f67-a097-88dee7810d18)
http://www.openwall.com/lists/oss-security/2025/01/22/4(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/01/23/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/13/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/24/7(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20250228-0006/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.