CVE-2025-5702

CWE-665 CWE-404 CWE-416 — Use After Free9 documents8 sources

Severity

5.6MEDIUM

EPSS

0.3%

top 47.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc THE GNU C Library Glibc

Timeline

PublishedJun 5

Latest updateJul 14

Description

The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages4 packages

▶CVEListV5the_gnu_c_library/glibc2.39

▶NVDgnu/glibc2.39 — 2.39-209+2

▶Debianglibc< 2.41-9+1

▶Ubuntuglibc< 2.39-0ubuntu8.5

🔴Vulnerability Details

OSV

glibc vulnerabilities↗2025-07-14

▶

OSV

CVE-2025-5702: The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2↗2025-06-05

▶

GHSA

GHSA-hqwp-qwfv-mhrx: The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2↗2025-06-05

▶

CVEList

CVE-2025-5702: The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2↗2025-06-05

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2025-07-14

▶

Red Hat

glibc: Vector register overwrite bug in glibc↗2025-06-05

▶

Debian

CVE-2025-5702: glibc - The strcmp implementation optimized for the Power10 processor in the GNU C Libra...↗2025

▶

Microsoft

Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.↗2024-06-11

▶