lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-12-24 17:51:17 +03:00
Code Activity

Advisory text for CVE-2025-8058

Browse Source 
The fix is already installed (7ea06e9940).

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
This commit is contained in:
Adhemerval Zanella
2025-07-23 16:09:19 -03:00
parent 1944817240
commit 3ff17af18c
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
advisories/GLIBC-SA-2025-0005 Normal file
View File

@@ -0,0 +1,14 @@
posix: Fix double-free after allocation failure in regcomp
The regcomp function in the GNU C library version from 2.4 to 2.41 is
subject to a double free if some previous allocation fails. It can be
accomplished either by a malloc failure or by using an interposed
malloc that injects random malloc failures. The double free can allow
buffer manipulation depending of how the regex is constructed.
This issue affects all architectures and ABIs supported by the GNU C
library.
CVE-Id: CVE-2025-8058
Public-Date: 2025-07-22
Vulnerable-Commit: 963d8d782fc98fb6dc3a66f0068795f9920c269d (2.3.3-1596)
Fix-Commit: 7ea06e994093fa0bcca0d0ee2c1db271d8d7885d (2.42)