CVE-2025-13601

CWE-190: Integer Overflow | 11 documents | 8 sources
Severity: 7.7 HIGH
EPSS: 0.0% (top 98.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 26 | Latest update Feb 10

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 2.5 | Impact: 5.2

Affected Packages (6 packages)

NVD | gnome/glib | < 2.86.3
Debian | glib2.0 | < 2.66.8-1+deb11u7 (+3)
Ubuntu | glib2.0 | < 2.72.4-0ubuntu2.7 (+2)

Also affects: Enterprise Linux 10.0, 8.0, 9.0, 9.2, 9.4, 9.6, 8.6, 8.8, 8.4, 8.2, Openshift Container Platform 4.12, 4.16, 4.17, 4.18, 4.19

🔴 Vulnerability Details (5)

OSV: glib2.0 vulnerabilities (2026-02-10)
OSV: glib2.0 vulnerabilities (2026-01-06)
GHSA: GHSA-v6c5-9mp4-mwq4: A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function (2025-11-26)
OSV: CVE-2025-13601: A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function (2025-11-26)
CVEList: Glib: integer overflow in in g_escape_uri_string() (2025-11-26)

📋 Vendor Advisories (5)

Ubuntu: GLib vulnerabilities (2026-02-10)
Ubuntu: GLib vulnerabilities (2026-01-06)
Red Hat: glib: Integer overflow in in g_escape_uri_string() (2025-11-24)
Microsoft: Glib: integer overflow in in g_escape_uri_string() (2025-11-11)
Debian: CVE-2025-13601: glib2.0 - A heap-based buffer overflow problem was found in glib through an incorrect calc... (2025)