CVE-2025-8058

EUVD-2025-22469
The regcomp function in the GNU C library version from 2.4 to 2.41 is 
subject to a double free if some previous allocation fails. It can be 
accomplished either by a malloc failure or by using an interposed malloc
 that injects random malloc failures. The double free can allow buffer 
manipulation depending of how the regex is constructed. This issue 
affects all architectures and ABIs supported by the GNU C library.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u13
fixed
bookworm (security)
vulnerable
bullseye
postponed
bullseye (security)
vulnerable
forky
2.42-13
fixed
sid
2.42-13
fixed
trixie
2.41-12+deb13u1
fixed
Common Weakness Enumeration
References
https://sourceware.org/bugzilla/show_bug.cgi?id=33185
https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f
http://www.openwall.com/lists/oss-security/2025/07/23/1