AZL-74819

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74819.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-74819

Upstream

CVE-2025-15281

Published

2026-01-20T14:16:07Z

Modified

2026-04-21T04:38:47.643622Z

Summary

CVE-2025-15281 affecting package glibc for versions less than 2.38-18

Details

Calling wordexp with WRDEREUSE in conjunction with WRDEAPPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-15281

Affected packages

Azure Linux:3 / glibc

Package

Name: glibc
Purl: pkg:rpm/azure-linux/glibc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.38-18

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74819.json"