PT-2026-3558 · Gnu+4 · Gnu C Library+4

Vitaly Simonovich · Published 2025-01-01 · Updated 2026-05-05 · CVE-2025-15281

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
GNU C Library versions 2.0 through 2.42

Description
Using the wordexp function with WRDE_REUSE and WRDE_APPEND together in the GNU C Library can lead to the function returning uninitialized memory in the we_wordv member. Subsequent calls to wordfree may then cause the process to terminate.

Recommendations
Avoid using WRDE_REUSE in conjunction with WRDE_APPEND when calling the wordexp function.
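
One way to enforce the recommendation above in application code is to route every call through a small guard. This is an added example, not code from the advisory or from glibc; the names checked_wordexp and WORDEXP_BAD_FLAGS and the sample strings are assumptions made for illustration.

```c
/* Added example: checked_wordexp and WORDEXP_BAD_FLAGS are hypothetical
 * names, not part of glibc. Sample input strings are constructed. */
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Constructed value, chosen so it does not collide with the WRDE_*
 * return codes defined in glibc's <wordexp.h>. */
#define WORDEXP_BAD_FLAGS (-100)

/* Refuse the flag combination the advisory warns about before wordexp()
 * ever sees it; any other flag set is forwarded unchanged. */
int checked_wordexp(const char *words, wordexp_t *we, int flags)
{
    if ((flags & WRDE_REUSE) && (flags & WRDE_APPEND))
        return WORDEXP_BAD_FLAGS;
    return wordexp(words, we, flags);
}

int main(void)
{
    wordexp_t we;

    /* The combined flags are rejected and 'we' is left untouched. */
    if (checked_wordexp("a b", &we, WRDE_REUSE | WRDE_APPEND) == WORDEXP_BAD_FLAGS)
        fprintf(stderr, "rejected WRDE_REUSE|WRDE_APPEND\n");

    /* Each flag used separately: fill, append, then reuse the storage. */
    if (checked_wordexp("alpha beta", &we, 0) != 0)
        return 1;
    if (checked_wordexp("gamma", &we, WRDE_APPEND) != 0)
        return 1;
    for (size_t i = 0; i < we.we_wordc; i++)
        printf("word[%zu] = %s\n", i, we.we_wordv[i]);

    if (checked_wordexp("delta", &we, WRDE_REUSE) != 0)
        return 1;
    printf("after reuse: %zu word(s), first = %s\n", we.we_wordc, we.we_wordv[0]);

    wordfree(&we);
    return 0;
}
```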

Fix

DoS

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

ALSA-2026:2786
ALSA-2026:4772
AZL-74819
AZL-75023
BDU:2026-05135
CVE-2025-15281
ECHO-E3DC-79C7-C66D
MGASA-2026-0022
OESA-2026-1265
OESA-2026-1266
OPENSUSE-SU-2026:10662-1
OPENSUSE-SU-2026:20133-1
RHSA-2026:18139
RHSA-2026:2786
RHSA-2026:4772
RHSA-2026:7316
SUSE-SU-2026:0371-1
SUSE-SU-2026:0680-1
SUSE-SU-2026:0896-1
SUSE-SU-2026:20178-1
SUSE-SU-2026:20198-1
SUSE-SU-2026:20527-1
SUSE-SU-2026:20536-1
USN-8005-1

Affected Products

Gnu C Library
Linuxmint
Red Os
Rocky Linux
Ubuntu