PT-2025-7471 · Google+5 · Abseil-Cpp+5

Dmitry Vyukov

Publicado

2025-02-21

Atualizado

2026-02-18

CVE-2025-0838

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Abseil versions prior to commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 Abseil versions prior to 20230802.1-4ubuntu1.2 Abseil versions prior to 0~20200923.3-2+deb11u1

Description Abseil-cpp contains a heap buffer overflow issue. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not enforce a limit on the size of their input argument. This allowed a malicious actor to provide a large size, causing an integer overflow when calculating the container's backing store size, leading to an out-of-bounds memory write. Subsequent access to the container could also result in out-of-bounds memory access. The issue could potentially allow an attacker to cause a denial of service or memory corruption.

Recommendations Upgrade to a version past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1. Upgrade to version 20230802.1-4ubuntu1.2. Upgrade to version 0~20200923.3-2+deb11u1.

Correção

RCE

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

AZL-76815

AZL-76853

AZL-76968

AZL-77043

BDU:2025-10265

CVE-2025-0838

DLA-4116-1

ECHO-BA22-656A-8E69

OESA-2025-1219

OPENSUSE-SU-2025:15473-1

SUSE-SU-2026:0190-1

SUSE-SU-2026:0338-1

SUSE-SU-2026:0381-1

SUSE-SU-2026:0412-1

SUSE-SU-2026:0576-1

SUSE-SU-2026:20268-1

SUSE-SU-2026:20361-1

USN-7505-1

Produtos afetados

Abseil-Cpp

Astra Linux

Debian

Linuxmint

Red Os

Ubuntu

PT-2025-7471 · Google+5 · Abseil-Cpp+5

CVE-2025-0838

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 49