CVE-2025-6052

Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

Published: 6/13/2025 Last updated: 11/7/2025 Reserved: 6/13/2025

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	3.7	Low	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (1)

conf-glib-2

Products affected (14)

Product	Vendor	Version
Red Hat Enterprise Linux 9	Red Hat	<= 5.10.*
Red Hat Enterprise Linux 7	Red Hat	< c0039e3afda29be469d29b3013d7f9bdee136834
Red Hat Enterprise Linux 9	Red Hat	<= 5.15.*
Red Hat Enterprise Linux 8	Red Hat	< f591cf9fce724e5075cc67488c43c6e39e8cbe27
Red Hat Enterprise Linux 6	Red Hat	< bd8c9404e44adb9f6219c09b3409a61ab7ce3427
Red Hat Enterprise Linux 10	Red Hat	< 80cf68489681c165ded460930e391b1eb37b5f6f
Red Hat Enterprise Linux 10	Red Hat	< acfde9400e611c8d2668f1c70053c4a1d6ecfc36
Red Hat Enterprise Linux 8	Red Hat	3.6
Red Hat Enterprise Linux 9	Red Hat	<= 6.1.*
Red Hat Enterprise Linux 10	Red Hat	< 8312a1ccff1566f375191a89b9ba71b6eb48a8cd
Red Hat Enterprise Linux 10	Red Hat	< 59614c5acf6688f7af3c245d359082c0e9e53117
Red Hat Enterprise Linux 8	Red Hat	< 3.6
Red Hat Enterprise Linux 9	Red Hat	<= 6.6.*
Red Hat Enterprise Linux 10	Red Hat	< ca85c2d0db5f8309832be45858b960d933c2131c

References (4)

Credits (2)

Red Hat would like to thank Philip Withnall for reporting this issue.
Red Hat would like to thank Philip Withnall for reporting this issue.