CVE-2025-13601

Glib: integer overflow in g_escape_uri_string()

Published: 11/26/2025 Last updated: 3/5/2026 Reserved: 11/24/2025

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version | Score | Severity | Vector String
3.1 | 7.7 | High | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Opam packages affected (1)

conf-glib-2

Products affected (35)

Product | Vendor | Version
Red Hat Discovery 2 | Red Hat | < 10.0.17763.8027
Red Hat Discovery 2 | Red Hat | < 10.0.20348.4405
Red Hat Enterprise Linux 8 | Red Hat | < 10.0.14393.7969
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | Red Hat | < 6.1.7601.27670
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | Red Hat | < 6.1.7601.27670
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | Red Hat | < 6.0.6003.23220
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | Red Hat | < 6.0.6003.23220
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | Red Hat | < 6.2.9200.25423
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | Red Hat | < 6.2.9200.25423
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | Red Hat | < 6.3.9600.22523
Red Hat Enterprise Linux 9 | Red Hat | < 6.3.9600.22523
Red Hat Enterprise Linux 9 | Red Hat | < 10.0.14393.7969
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | Red Hat | < 10.0.14393.7969
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | Red Hat | < 10.0.17763.7136
Red Hat Enterprise Linux 9.4 Extended Update Support | Red Hat | < 10.0.17763.7136
Red Hat Enterprise Linux 9.6 Extended Update Support | Red Hat | -
Red Hat Enterprise Linux 7 Extended Lifecycle Support | Red Hat | < 10.0.10240.20978
Red Hat Enterprise Linux 6 | Red Hat | < 10.0.26100.4652
Red Hat Enterprise Linux 8.2 Advanced Update Support | Red Hat | < 10.0.17763.7136
Red Hat Insights proxy 1.5 | Red Hat | < 10.0.25398.1965
Red Hat Enterprise Linux 9 | Red Hat | < 10.0.26100.4652
Red Hat Enterprise Linux 10 | Red Hat | < 10.0.22631.5624
Red Hat Enterprise Linux 8 | Red Hat | < 10.0.25398.1732
Red Hat Ceph Storage 8 | Red Hat | < 10.0.17763.8027
Red Hat OpenShift Container Platform 4.17 | Red Hat | < 10.0.22631.6199
Red Hat OpenShift Container Platform 4.16 | Red Hat | < 10.0.22631.6199
Red Hat OpenShift Container Platform 4.14 | Red Hat | < 10.0.19045.6575
Red Hat OpenShift Container Platform 4.19 | Red Hat | < 10.0.26200.7171
Red Hat OpenShift Container Platform 4.12 | Red Hat | < 10.0.17763.8027
Red Hat OpenShift Container Platform 4.13 | Red Hat | < 10.0.19044.6575
Red Hat OpenShift Container Platform 4.18 | Red Hat | < 10.0.26100.7171
Red Hat Update Infrastructure 5 | Red Hat | < 10.0.26100.7171
Red Hat Update Infrastructure 5 | Red Hat | < 10.0.26100.7171
Red Hat Update Infrastructure 5 | Red Hat | < 10.0.22621.5624
Red Hat Update Infrastructure 5 | Red Hat | < 10.0.22631.5624

References (28)