CVE-2025-15281

ADVISORY - nist

Summary

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

EPSS Score⁠: 0.00052 (0.163)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-908⁠

Use of Uninitialized Resource

ADVISORY - redhat

CWE-908⁠

Use of Uninitialized Resource

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.