CVE-2025-13601

Glib: integer overflow in g_escape_uri_string()

Published: 11/26/2025 Last updated: 6/2/2026 Reserved: 11/24/2025

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7.7 High CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Opam packages affected (1)

conf-glib-2

Products affected (79)

Product Vendor Version
Red Hat Discovery 2 Red Hat Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
Red Hat Discovery 2 Red Hat < 7.3.5
Red Hat Discovery 2 Red Hat Windows 10 for x64-based Systems
Red Hat Discovery 2 Red Hat Windows 10 Version 1703 for 32-bit Systems
unspecified
Version 1511 for 32-bit Systems
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat n/a
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat Gog Galaxy 1.2.47 (macOS)
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat n/a
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat unspecified
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat < 66.0.3359.117
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat All versions before 3.0 Patch Update 12, 4.0 Patch Update 2, 5.0
Red Hat Enterprise Linux 9 Red Hat 7 for 32-bit Systems Service Pack 1
Red Hat Enterprise Linux 9 Red Hat 7 for x64-based Systems Service Pack 1
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat 18.2R3
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat Windows 10 for x64-based Systems
Red Hat Enterprise Linux 9.6 Extended Update Support Red Hat 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat 18.4R2
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 10.0 Extended Update Support Red Hat FreeBSD 11.2 before 11.2-RELEASE-p7 and 12.0 before 12.0-RELEASE-p1
Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat unspecified
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat prior to 1.2.0
Red Hat Enterprise Linux 6 Red Hat Multiple versions.
Red Hat Enterprise Linux 10 Red Hat unspecified
Red Hat Enterprise Linux 10.0 Extended Update Support Red Hat Version 1511 for x64-based Systems
Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat Versions prior to: iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1
Red Hat Enterprise Linux 8 Red Hat Version 1607 for 32-bit Systems
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat n/a
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat n/a
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat 10.3.1 and below
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Version 1703 for 32-bit Systems
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat Version 1703 for x64-based Systems
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Version 1709 for 32-bit Systems
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Version 1709 for x64-based Systems
Red Hat Enterprise Linux 9 Red Hat 11.1.1.8.0
Red Hat Enterprise Linux 9 Red Hat Version 4.00.04 and prior.
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat 5.0
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat 5.5
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat 6.0
Red Hat Enterprise Linux 9.6 Extended Update Support Red Hat Versions prior to: iOS 12, tvOS 12, watchOS 5
Red Hat Enterprise Linux 6 Red Hat , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier versions
Red Hat Hardened Images Red Hat 2008 for 32-bit Systems Service Pack 2 (Core installation)
Red Hat Hardened Images Red Hat Windows 10 Version 1607 for 32-bit Systems
Red Hat Insights proxy 1.5 Red Hat n/a
Red Hat Insights proxy 1.5 Red Hat Windows 10 Version 1703 for 32-bit Systems
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0
Red Hat Enterprise Linux 9 Red Hat Windows 10 for 32-bit Systems
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat 2008 for 32-bit Systems Service Pack 2
Red Hat Ceph Storage 8 Red Hat 2008 R2 for x64-based Systems Service Pack 1
Red Hat Ceph Storage 8 Red Hat n/a
Red Hat OpenShift Container Platform 4.14 Red Hat Cisco SD-WAN Solution unknown
Red Hat OpenShift Container Platform 4.16 Red Hat < 58
Red Hat OpenShift Container Platform 4.17 Red Hat n/a
Red Hat OpenShift Container Platform 4.18 Red Hat n/a
Red Hat OpenShift Container Platform 4.19 Red Hat n/a
Red Hat OpenShift Container Platform 4.15 Red Hat Windows 10 Version 1607 for 32-bit Systems
Red Hat OpenShift Container Platform 4.16 Red Hat 2008 R2 for Itanium-Based Systems Service Pack 1
Red Hat OpenShift Container Platform 4.17 Red Hat < 7.2.18
Red Hat OpenShift Container Platform 4.18 Red Hat Windows 10 Version 1607 for x64-based Systems
Red Hat OpenShift Container Platform 4.14 Red Hat 19.2R1
Red Hat OpenShift Container Platform 4.13 Red Hat < 7.1.29
Red Hat OpenShift Container Platform 4.12 Red Hat n/a
Red Hat OpenShift Container Platform 4.12 Red Hat All versions
Red Hat OpenShift Container Platform 4.13 Red Hat n/a
Red Hat OpenShift Container Platform 4.15 Red Hat 9.2.0.9297
Red Hat Update Infrastructure 5 Red Hat Windows 10 Version 1703 for x64-based Systems
Red Hat Update Infrastructure 5 Red Hat n/a
Red Hat Update Infrastructure 5 Red Hat Windows 10 Version 1703 for x64-based Systems
Red Hat Update Infrastructure 5 Red Hat 0.9.3 to 0.12.0
Red Hat Update Infrastructure 5 Red Hat 2008 for Itanium-Based Systems Service Pack 2
Red Hat Update Infrastructure 5 Red Hat n/a
Red Hat Update Infrastructure 5 Red Hat < 16.09.03
Red Hat Update Infrastructure 5 Red Hat Windows 10 Version 1709 for 32-bit Systems

References (66)