Описание
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the assert() function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.
Отчет
The bug is with glib assert() function that is typically used to identify logic errors in programs. The specific vulnerability stems in not enough being allocated to fit an arbitrary length error statement that is passed to the assert() function. The lack of any check on the string length causes the buffer overflow.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | compat-glibc | Out of support scope | ||
| Red Hat Enterprise Linux 6 | glibc | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-glibc | Out of support scope | ||
| Red Hat Enterprise Linux 7 | glibc | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | ||
| Red Hat Enterprise Linux 8 | glibc | Fixed | RHSA-2025:3828 | 14.04.2025 |
| Red Hat Enterprise Linux 8 | glibc | Fixed | RHSA-2025:3828 | 14.04.2025 |
| Red Hat Enterprise Linux 9 | glibc | Fixed | RHSA-2025:4244 | 28.04.2025 |
| Red Hat Enterprise Linux 9 | glibc | Fixed | RHSA-2025:4244 | 28.04.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
When the assert() function in the GNU C Library versions 2.13 to 2.40 ...
EPSS
5.5 Medium
CVSS3