CVE-2025-0395

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
glibcCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
vulnerable
bullseye (security)
2.31-13+deb11u13
fixed
bookworm
2.36-9+deb12u13
fixed
bookworm (security)
vulnerable
forky
2.41-12
fixed
trixie
2.41-12
fixed
sid
2.42-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
trusty
Fixed 2.19-0ubuntu6.15+esm4
released
glibc
plucky
Fixed 2.41-1ubuntu1
released
oracular
Fixed 2.40-1ubuntu3.1
released
noble
Fixed 2.39-0ubuntu8.4
released
jammy
Fixed 2.35-0ubuntu3.9
released
focal
Fixed 2.31-0ubuntu9.17
released
bionic
Fixed 2.27-3ubuntu1.6+esm4
released
xenial
Fixed 2.23-0ubuntu11.3+esm8
released
Common Weakness Enumeration
References
https://sourceware.org/bugzilla/show_bug.cgi?id=32582
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001
https://sourceware.org/pipermail/libc-announce/2025/000044.html
https://www.openwall.com/lists/oss-security/2025/01/22/4
http://www.openwall.com/lists/oss-security/2025/01/22/4
http://www.openwall.com/lists/oss-security/2025/01/23/2
http://www.openwall.com/lists/oss-security/2025/04/13/1
http://www.openwall.com/lists/oss-security/2025/04/24/7
https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html
https://security.netapp.com/advisory/ntap-20250228-0006/