Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-6052

Опубликовано: 13 июн. 2025
Источник: redhat
CVSS3: 3.7

Описание

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Отчет

The Red Hat Product Security team has assessed the severity of this vulnerability as Low, based on the high complexity required to trigger it and the limited impact. Exploitation requires unusually large string allocations, which are typically restricted in real-world deployments. However, under specific conditions where untrusted input is appended to a GString without size checks, a remote attacker could cause a crash or memory corruption, resulting in a denial of service (DoS) for the affected application.

Меры по смягчению последствий

Currently, no mitigation is available for this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10bootcNot affected
Red Hat Enterprise Linux 10glib2Fix deferred
Red Hat Enterprise Linux 10glycin-loadersNot affected
Red Hat Enterprise Linux 10loupeNot affected
Red Hat Enterprise Linux 10mingw-glib2Fix deferred
Red Hat Enterprise Linux 10rpm-ostreeNot affected
Red Hat Enterprise Linux 6glib2Not affected
Red Hat Enterprise Linux 7glib2Not affected
Red Hat Enterprise Linux 8glib2Not affected
Red Hat Enterprise Linux 8librsvg2Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2372666glib: Integer overflow in g_string_maybe_expand() leading to potential buffer overflow in GLib GString

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-6052

CVSS3: 3.7
ubuntu
3 дня назад

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

nvd логотип

CVE-2025-6052

CVSS3: 3.7
nvd
5 дней назад

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

debian логотип

CVE-2025-6052

CVSS3: 3.7
debian
5 дней назад

A flaw was found in how GLib\u2019s GString manages memory when adding ...

github логотип

GHSA-99rj-3595-5frj

CVSS3: 3.7
github
5 дней назад

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

3.7 Low

CVSS3