PT-2025-30618 · Gnu+8 · Gnu C Library+8

Published 2025-07-23 · Updated 2026-03-13 · CVE-2025-8058

CVSS v4.0: 5.9 (Medium)

Vector: AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

GNU C Library versions 2.4 through 2.41

Description

The regcomp function is subject to a double free if a previous allocation fails. This can occur due to a malloc failure or through the use of an interposed malloc that introduces allocation failures. The double free can potentially allow buffer manipulation depending on the construction of the regular expression. This issue affects all supported architectures and ABIs.

Recommendations

Versions prior to 2.41 are recommended.

Fix

Double Free

Weakness Enumeration

Related Identifiers

ALSA-2025:12980
ALSA-2025:13240
AZL-68609
BDU:2025-16181
CESA-2025_12980
CVE-2025-8058
ECHO-086F-BAE8-9025
INFSA-2025_12748
INFSA-2025_12980
MGASA-2025-0220
OESA-2025-2043
OESA-2025-2044
OESA-2025-2045
OESA-2025-2046
OESA-2025-2047
OESA-2025-2064
OPENSUSE-SU-2025:15459-1
RHSA-2025:12748
RHSA-2025:12980
RHSA-2025:13240
RHSA-2025_12748
RHSA-2025_12980
SUSE-SU-2025:02964-1
SUSE-SU-2025_02964-1
SUSE-SU-2026:0680-1
SUSE-SU-2026:0896-1
SUSE-SU-2026:20527-1
SUSE-SU-2026:20536-1
USN-7760-1
USN-8005-1

Affected Products

Almalinux
Centos
Debian
Gnu C Library
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu