7.7

CVE-2025-13601

Medienbericht
Exploit

Glib: integer overflow in in g_escape_uri_string()

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatCodeready Linux Builder Version9.0 HwPlatformaarch64
RedhatEnterprise Linux For Arm 64 Version9.0 HwPlatformaarch64
RedhatCodeready Linux Builder For Arm64 Version10.0 HwPlatformaarch64
RedhatEnterprise Linux For Arm 64 Version10.0 HwPlatformaarch64
RedhatCodeready Linux Builder For Arm64 Version8.0 HwPlatformaarch64
RedhatEnterprise Linux For Arm 64 Version8.0 HwPlatformaarch64
RedhatEnterprise Linux For Arm 64 Version9.2 HwPlatformaarch64
RedhatCodeready Linux Builder For Arm64 Eus Version9.4 HwPlatformaarch64
RedhatEnterprise Linux For Arm 64 Version9.4 HwPlatformaarch64
RedhatCodeready Linux Builder For Arm64 Eus Version10.0 HwPlatformaarch64
RedhatEnterprise Linux For Arm 64 Eus Version10.0 HwPlatformaarch64
RedhatCodeready Linux Builder For Arm64 Version9.6 HwPlatformaarch64
RedhatEnterprise Linux For Arm 64 Version9.6 HwPlatformaarch64
RedhatCeph Storage Version8.0
RedhatDiscovery Version2.0
GnomeGlib Version < 2.86.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.222
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.7 2.5 5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
02.03.2026 10:09
https://access.redhat.com/security/cve/CVE-2025-13601
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2416741
Vendor Advisory
Issue Tracking
https://gitlab.gnome.org/GNOME/glib/-/issues/3827
Exploit
Issue Tracking
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:0936
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0975
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0991
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1323
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1327
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1324
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1326
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1465
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1608
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1625
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1627
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1624
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1626
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1652
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1736
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2485
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2072
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2563
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2064
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2659
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2633
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2671
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2974
https://access.redhat.com/errata/RHSA-2026:3415
https://access.redhat.com/errata/RHSA-2026:4419
https://access.redhat.com/errata/RHSA-2026:7461
https://access.redhat.com/errata/RHSA-2026:18344
https://access.redhat.com/errata/RHSA-2026:18705
https://cert-portal.siemens.com/productcert/html/ssa-253495.html