CVE-2025-0395

Отчет

The bug is with glib assert() function that is typically used to identify logic errors in programs. The specific vulnerability stems in not enough being allocated to fit an arbitrary length error statement that is passed to the assert() function. The lack of any check on the string length causes the buffer overflow. Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-131: Incorrect Calculation of Buffer Size vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Secure baseline configurations establish a hardened environment, while rigorous testing practices (e.g., SAST, DAST) identify and address memory vulnerabilities before code reaches production. Malicious code protections further reduce risk by detecting, blocking, and responding to exploitation attempts. The platform runs on OS versions that inherit security features from RHEL, such as SELinux and Address Space Layout Randomization (ASLR). Least functionality and process isolation reduce the attack surface by disabling unauthorized services and containing any corruption within the originating process, preventing broader system impact.