CVE-2025-2588 — Improper Resource Shutdown or Release in Augeas

CWE-404 — Improper Resource Shutdown or Release CWE-476 — NULL Pointer Dereference CWE-415 — Double Free7 documents6 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 55.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Augeas Debian Augeas Hercules Augeas +4 more

Timeline

PublishedMar 21

Description

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages8 packages

▶CVEListV5hercules/augeas1.14.1

▶debiandebian/augeas< augeas 1.14.1-1.1 (forky)

▶Debianaugeas/augeas< 1.14.1-1.1~deb13u1+1

▶NVDaugeas/augeas1.14.1

▶msrcmsrc/azl3_augeas_1.12.0-6_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-hxwj-c5vw-fwgp: A vulnerability has been found in Hercules Augeas 1↗2025-03-21

▶

OSV

CVE-2025-2588: A vulnerability has been found in Hercules Augeas 1↗2025-03-21

▶

📋Vendor Advisories

Red Hat

augeas: Hercules Augeas fa.c re_case_expand null pointer dereference↗2025-03-21

▶

Microsoft

Hercules Augeas fa.c re_case_expand null pointer dereference↗2025-03-11

▶

Debian

CVE-2025-2588: augeas - A vulnerability has been found in Hercules Augeas 1.14.1 and classified as probl...↗2025

▶

Microsoft

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.↗2024-01-09

▶