CVE-2025-8058

ADVISORY - nist

Summary

The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.

EPSS Score⁠: 0.00031 (0.082)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-415⁠

Double Free

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.