CVE-2025-0395

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-0395
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0395.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-0395
Related
Published
2025-01-22T13:15:20Z
Modified
2025-04-25T03:03:54.214577Z
Downstream
Summary
[none]
Details

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

References

Affected packages

Debian:11 / glibc

Package

Name
glibc
Purl
pkg:deb/debian/glibc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.31-13
2.31-13+deb11u1
2.31-13+deb11u2
2.31-13+deb11u3
2.31-13+deb11u4
2.31-13+deb11u5
2.31-13+deb11u6
2.31-13+deb11u7
2.31-13+deb11u8
2.31-13+deb11u9
2.31-13+deb11u10
2.31-13+deb11u11
2.31-13+hurd.1
2.31-13+hurd.2
2.31-13+hurd.3
2.31-13+qemu
2.31-14
2.31-15
2.31-16
2.31-17~0
2.31-17
2.31-18~0
2.32-0experimental0
2.32-0experimental1
2.32-1
2.32-2
2.32-2+qemu
2.32-3
2.32-4
2.32-5
2.33-0experimental0
2.33-0experimental1
2.33-0experimental2
2.33-0experimental3
2.33-1
2.33-1+qemu
2.33-2~0
2.33-2~1
2.33-2~2
2.33-2~3
2.33-2
2.33-2+qemu
2.33-2+qemu1
2.33-3~0
2.33-3
2.33-4
2.33-5
2.33-6
2.33-7
2.33-8~0
2.33-8
2.34-0experimental0
2.34-0experimental1
2.34-0experimental2
2.34-0experimental3
2.34-0experimental4
2.34-0experimental5
2.34-1
2.34-2
2.34-3
2.34-4
2.34-5~0
2.34-5
2.34-6
2.34-7
2.34-7+qemu
2.34-8~0
2.34-8
2.34-9~0
2.35-0experimental0
2.35-0experimental1
2.35-0experimental2
2.35-0experimental3
2.35-0experimental3+qemu
2.35-1
2.35-1+sparc64
2.35-2
2.35-3
2.35-4
2.36-1
2.36-2
2.36-3
2.36-4
2.36-4+ports
2.36-5
2.36-6
2.36-7~0
2.36-7~1
2.36-7
2.36-8
2.36-8+alpha1
2.36-9~1
2.36-9~2
2.36-9~3
2.36-9
2.36-9+loong64
2.36-10~0
2.37-1
2.37-2
2.37-3
2.37-4
2.37-5
2.37-6
2.37-7
2.37-8
2.37-9
2.37-10
2.37-11
2.37-12
2.37-13
2.37-14
2.37-15~deb13u1
2.37-15
2.37-15.1
2.37-15.1+sh4
2.37-16
2.37-17
2.37-18
2.37-19
2.38-1
2.38-2
2.38-3
2.38-4
2.38-5
2.38-6
2.38-7~0+hurd.1
2.38-7
2.38-8
2.38-9
2.38-10
2.38-11
2.38-12
2.38-12.1
2.38-13
2.38-14
2.38-15~0
2.38-15~1
2.39-1
2.39-2
2.39-3
2.39-3.1
2.39-4
2.39-5
2.39-6
2.39-6+hurd.1
2.39-6+sh4
2.39-7~0
2.39-7
2.39-7+sh4
2.39-8~0
2.40-1
2.40-2
2.40-2+sh4
2.40-3
2.40-3+sh4
2.40-4
2.40-5~hurd.1
2.40-5
2.40-6~1
2.40-6
2.40-7
2.41-1
2.41-2
2.41-3
2.41-4~0
2.41-4
2.41-5~0
2.41-5
2.41-6
2.41-7
2.41-8~0
2.41-8~1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / glibc

Package

Name
glibc
Purl
pkg:deb/debian/glibc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.36-9+deb12u10

Affected versions

2.*

2.36-9
2.36-9+deb12u1
2.36-9+deb12u2
2.36-9+deb12u3
2.36-9+deb12u4
2.36-9+deb12u5
2.36-9+deb12u6
2.36-9+deb12u7
2.36-9+deb12u8
2.36-9+deb12u9

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / glibc

Package

Name
glibc
Purl
pkg:deb/debian/glibc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.40-6

Affected versions

2.*

2.36-9
2.36-9+loong64
2.36-10~0
2.37-1
2.37-2
2.37-3
2.37-4
2.37-5
2.37-6
2.37-7
2.37-8
2.37-9
2.37-10
2.37-11
2.37-12
2.37-13
2.37-14
2.37-15~deb13u1
2.37-15
2.37-15.1
2.37-15.1+sh4
2.37-16
2.37-17
2.37-18
2.37-19
2.38-1
2.38-2
2.38-3
2.38-4
2.38-5
2.38-6
2.38-7~0+hurd.1
2.38-7
2.38-8
2.38-9
2.38-10
2.38-11
2.38-12
2.38-12.1
2.38-13
2.38-14
2.38-15~0
2.38-15~1
2.39-1
2.39-2
2.39-3
2.39-3.1
2.39-4
2.39-5
2.39-6
2.39-6+hurd.1
2.39-6+sh4
2.39-7~0
2.39-7
2.39-7+sh4
2.39-8~0
2.40-1
2.40-2
2.40-2+sh4
2.40-3
2.40-3+sh4
2.40-4
2.40-5~hurd.1
2.40-5
2.40-6~1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}