PT-2025-3866 · Gnu+11 · Gnu C Library+11

Published

2025-01-10

·

Updated

2026-02-04

·

CVE-2025-0395

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions GNU C Library versions 2.13 through 2.40
Description The issue is related to the assert() function in the GNU C Library, which fails to allocate sufficient space for the assertion failure message string and size information. This may lead to a buffer overflow if the message string size aligns with the page size. The buffer overflow is mmap-based and limited to at most an off-by-four bytes, with the attacker not having control over the four bytes that overflow the buffer.
Recommendations For GNU C Library versions 2.13 through 2.40, consider disabling the assert() function as a temporary workaround until a patch is available. Restrict access to the assert() function to minimize the risk of exploitation. Avoid using the assert() function in critical code paths until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

CWE-131

Related Identifiers

ALSA-2025:3828
ALSA-2025:4244
ALT-PU-2025-2037
ALT-PU-2025-8020
ALT-PU-2025-8030
ALT-PU-2025-8032
AZL-55937
AZL-55965
BDU:2025-01120
CESA-2025_3828
CVE-2025-0395
DLA-4143-1
ECHO-3BF9-421A-E851
INFSA-2025_3828
INFSA-2025_4244
MGASA-2025-0026
OESA-2025-1242
OPENSUSE-SU-2025:14851-1
OPENSUSE-SU-2025_0562-1
OPENSUSE-SU-2025_0582-1
OPENSUSE-SU-2026:20133-1
RHSA-2025:3828
RHSA-2025:4241
RHSA-2025:4242
RHSA-2025:4243
RHSA-2025:4244
RHSA-2025_3828
RHSA-2025_4244
SUSE-SU-2025:0510-1
SUSE-SU-2025:0562-1
SUSE-SU-2025:0582-1
SUSE-SU-2025:20135-1
SUSE-SU-2025:20236-1
SUSE-SU-2025_0510-1
SUSE-SU-2025_0562-1
SUSE-SU-2025_0582-1
SUSE-SU-2026:20178-1
SUSE-SU-2026:20198-1
USN-7259-1
USN-7259-2
USN-7259-3

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Gnu C Library
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu