CVE-2025-13601

Glib: integer overflow in in g_escape_uri_string()

Published: 11/26/2025 Last updated: 4/19/2026 Reserved: 11/24/2025

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.7	High	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Opam packages affected (1)

conf-glib-2

Products affected (79)

Product	Vendor	Version
Red Hat Discovery 2	Red Hat	n/a
Red Hat Discovery 2	Red Hat	n/a
Red Hat Discovery 2	Red Hat	n/a
Red Hat Discovery 2	Red Hat	n/a
		n/a
Red Hat Enterprise Linux 8.2 Advanced Update Support	Red Hat	n/a
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Red Hat	n/a
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Red Hat	n/a
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Red Hat	n/a
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Red Hat	n/a
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Red Hat	n/a
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Red Hat	n/a
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Red Hat	n/a
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Red Hat	n/a
Red Hat Enterprise Linux 9.4 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 9.6 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 10	Red Hat	n/a
Red Hat Enterprise Linux 10.0 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 7 Extended Lifecycle Support	Red Hat	n/a
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 6	Red Hat	n/a
Red Hat Hardened Images	Red Hat	n/a
Red Hat Enterprise Linux 10	Red Hat	n/a
Red Hat Enterprise Linux 10.0 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 7 Extended Lifecycle Support	Red Hat	n/a
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 8.2 Advanced Update Support	Red Hat	n/a
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Red Hat	13.0
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Red Hat	n/a
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Red Hat	n/a
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Red Hat	n/a
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Red Hat	n/a
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Red Hat	n/a
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Red Hat	n/a
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Red Hat	n/a
Red Hat Enterprise Linux 9.4 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 9.6 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 6	Red Hat	n/a
Red Hat Hardened Images	Red Hat	n/a
Red Hat Insights proxy 1.5	Red Hat	n/a
Red Hat Insights proxy 1.5	Red Hat	n/a
Red Hat Enterprise Linux 10	Red Hat	n/a
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 10	Red Hat	<= 4.2.1
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Ceph Storage 8	Red Hat	n/a
Red Hat Ceph Storage 8	Red Hat	n/a
Red Hat OpenShift Container Platform 4.17	Red Hat	n/a
Red Hat OpenShift Container Platform 4.19	Red Hat	n/a
Red Hat OpenShift Container Platform 4.13	Red Hat	n/a
Red Hat OpenShift Container Platform 4.12	Red Hat	n/a
Red Hat OpenShift Container Platform 4.16	Red Hat	n/a
Red Hat OpenShift Container Platform 4.17	Red Hat	n/a
Red Hat OpenShift Container Platform 4.18	Red Hat	n/a
Red Hat OpenShift Container Platform 4.19	Red Hat	n/a
Red Hat OpenShift Container Platform 4.15	Red Hat	n/a
Red Hat OpenShift Container Platform 4.14	Red Hat	n/a
Red Hat OpenShift Container Platform 4.12	Red Hat	n/a
Red Hat OpenShift Container Platform 4.13	Red Hat	n/a
Red Hat OpenShift Container Platform 4.14	Red Hat	n/a
Red Hat OpenShift Container Platform 4.15	Red Hat	n/a
Red Hat OpenShift Container Platform 4.16	Red Hat	n/a
Red Hat OpenShift Container Platform 4.18	Red Hat	n/a
Red Hat Update Infrastructure 5	Red Hat	n/a
Red Hat Update Infrastructure 5	Red Hat	n/a
Red Hat Update Infrastructure 5	Red Hat	n/a
Red Hat Update Infrastructure 5	Red Hat	n/a
Red Hat Update Infrastructure 5	Red Hat	n/a
Red Hat Update Infrastructure 5	Red Hat	n/a
Red Hat Update Infrastructure 5	Red Hat	n/a
Red Hat Update Infrastructure 5	Red Hat	n/a

CVE-2025-13601

Glib: integer overflow in in g_escape_uri_string()

Metrics

Opam packages affected (1)

Products affected (79)

References (59)