CVE-2025-4373 — Buffer Underflow in Azl3 Glib 2.78.6-3 ON Azure Linux 3.0

CWE-124 — Buffer Underflow9 documents9 sources

Severity

4.8MEDIUMNVD

EPSS

0.7%

top 26.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Glib2.0 Msrc Azl3 Glib 2.78.6-3 ON Azure Linux 3.0 Msrc Cbl2 Glib 2.71.0-5 ON CBL Mariner 2.0 +2 more

Timeline

PublishedMay 6

Latest updateOct 15

Description

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.2 | Impact: 2.5

Affected Packages5 packages

▶debiandebian/glib2.0< glib2.0 2.74.6-2+deb12u7 (bookworm)

▶msrcmsrc/azl3_glib_2.78.6-3_on_azure_linux_3.0

▶msrcmsrc/cbl2_glib_2.71.0-5_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_glib_2.71.0-6_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_glib_2.71.0-7_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-cfv9-2rgf-f55c: A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function↗2025-05-06

▶

OSV

CVE-2025-4373: A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function↗2025-05-06

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Configuration (glibc) — CVE-2025-4373↗2025-10-15

▶

CISA ICS

Siemens SIMATIC S7-1500 CPU Family↗2025-06-12

▶

Ubuntu

GLib vulnerability↗2025-05-26

▶

Microsoft

Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar↗2025-05-13

▶

Red Hat

glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar↗2025-05-06

▶