CVE-2025-0395

ADVISORY - debian

Summary

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

glibc 2.40-6 [bookworm] - glibc 2.36-9+deb12u10 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://www.openwall.com/lists/oss-security/2025/01/22/4 Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c (2.40-branch) Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7971add7ee4171fdd8dfd17e7c04c4ed77a18845 (2.36-branch) https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001 https://sourceware.org/pipermail/libc-announce/2025/000044.html

EPSS Score⁠: 0.00175 (0.398)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-131⁠

Incorrect Calculation of Buffer Size

ADVISORY - redhat

CWE-131⁠

Incorrect Calculation of Buffer Size

Impacted images

Advisories

Debian

CREATED

4 months ago

UPDATED

17 days ago

ADVISORY IDCVE-2025-0395⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/glibc	deb	debian	12	<2.36-9+deb12u10	2.36-9+deb12u10
debian/glibc	deb	debian	13	<2.40-6	2.40-6
debian/glibc	deb	debian	11	<2.31-13+deb11u12	2.31-13+deb11u12
debian/glibc	deb	debian	unstable	<2.40-6	2.40-6

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

4 months ago

UPDATED

17 days ago

ADVISORY IDCVE-2025-0395⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-131⁠

CVSS SCORE

7.5high

Ubuntu

CREATED

4 months ago

UPDATED

10 days ago

ADVISORY IDCVE-2025-0395⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDALSA-2025:3828⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

20 days ago

UPDATED

19 days ago

ADVISORY IDALSA-2025:4244⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDALAS2-2025-2828⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

4 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-0395⁠

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-131⁠

CVSS SCORE

5.5medium

Oracle

CREATED

19 days ago

UPDATED

19 days ago

ADVISORY IDELSA-2025-20300⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2025-3828⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

20 days ago

UPDATED

20 days ago

ADVISORY IDELSA-2025-4244⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-7gh9-w86h-98jh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY