CVE-2025-0395

CWE-131 | 10 documents | 8 sources
Severity
6.2 MEDIUM
EPSS
0.1%
top 78.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 22
Latest update: Jul 15

Description

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.5 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5 | the_gnu_c_library/glibc | 2.13 | 2.40
Debian | glibc | < 2.31-13+deb11u12 | +3

🔴 Vulnerability Details (3)

OSV
CVE-2025-0395: When the assert() function in the GNU C Library versions 2 | 2025-01-22
CVEList
CVE-2025-0395: When the assert() function in the GNU C Library versions 2 | 2025-01-22
GHSA
GHSA-4xpw-6594-8f5m: When the assert() function in the GNU C Library versions 2 | 2025-01-22

📋 Vendor Advisories (6)

Oracle
Oracle Oracle Communications Risk Matrix: Signaling (glibc) — CVE-2025-0395 | 2025-07-15
Ubuntu
GNU C Library vulnerability | 2025-02-10
Ubuntu
GNU C Library vulnerability | 2025-02-10
Ubuntu
GNU C Library vulnerability | 2025-02-06
Red Hat
glibc: buffer overflow in the GNU C Library's assert() | 2025-01-22