CVE-2025-8058

The regcomp function in the GNU C library version from 2.4 to 2.41 is 
subject to a double free if some previous allocation fails. It can be 
accomplished either by a malloc failure or by using an interposed malloc
 that injects random malloc failures. The double free can allow buffer 
manipulation depending of how the regex is constructed. This issue 
affects all architectures and ABIs supported by the GNU C library.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
glibcCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
postponed
bullseye (security)
vulnerable
bookworm
2.36-9+deb12u13
fixed
bookworm (security)
vulnerable
forky
2.41-12
fixed
sid
2.41-12
fixed
trixie
2.41-12
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://sourceware.org/bugzilla/show_bug.cgi?id=33185
https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f