CVE-2025-0395

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

References

Affected packages

Debian:11 / glibc

Package

Name: glibc
Purl: pkg:deb/debian/glibc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.31-13+deb11u12

Affected versions

2.*

2.31-13

2.31-13+deb11u1

2.31-13+deb11u2

2.31-13+deb11u3

2.31-13+deb11u4

2.31-13+deb11u5

2.31-13+deb11u6

2.31-13+deb11u7

2.31-13+deb11u8

2.31-13+deb11u9

2.31-13+deb11u10

2.31-13+deb11u11

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / glibc

Package

Name: glibc
Purl: pkg:deb/debian/glibc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.36-9+deb12u10

Affected versions

2.*

2.36-9

2.36-9+deb12u1

2.36-9+deb12u2

2.36-9+deb12u3

2.36-9+deb12u4

2.36-9+deb12u5

2.36-9+deb12u6

2.36-9+deb12u7

2.36-9+deb12u8

2.36-9+deb12u9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / glibc

Package

Name: glibc
Purl: pkg:deb/debian/glibc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.40-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}