CVE-2025-6052

Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

Published: 6/13/2025
Last updated: 11/7/2025
Reserved: 6/13/2025

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749)
Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 3.7 Low CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (1)

conf-glib-2

Products affected (27)

Product Vendor Version
Red Hat Enterprise Linux 10 Red Hat 12.2(33)SB3
Red Hat Enterprise Linux 10 Red Hat 15.8(3)M9
Red Hat Enterprise Linux 9 Red Hat 4.3.2.1
Red Hat Enterprise Linux 9 Red Hat < 91.5
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat 12.2(33)SB6
Red Hat Enterprise Linux 10 Red Hat nyc-mr1-dev
Red Hat Enterprise Linux 8 Red Hat <= 3.9.4
Red Hat Enterprise Linux 9 Red Hat <= 6.5.13.0
Red Hat Enterprise Linux 7 Red Hat 15.9(3)M0a
Red Hat Enterprise Linux 6 Red Hat 1.2.0.14(408)
Red Hat Enterprise Linux 9 Red Hat Windows 10 for x64-based Systems
Red Hat Enterprise Linux 6 Red Hat n/a
Red Hat Enterprise Linux 10 Red Hat 12.2(33)SB9
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat <= 9.5.1
Red Hat Enterprise Linux 8 Red Hat 12.2(33)SB5
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat Windows 10 for 32-bit Systems
Red Hat Enterprise Linux 10 Red Hat nyc-mr2-dev
Red Hat Enterprise Linux 10 Red Hat 15.9(3)M
Red Hat Enterprise Linux 8 Red Hat 12.2(33)SB8
Red Hat Enterprise Linux 8 Red Hat 15.9(3)M2
Red Hat Enterprise Linux 9 Red Hat 12.2(33)SB2
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 10 Red Hat 15.9(3)M1
Red Hat Enterprise Linux 10 Red Hat 12.2(33)SB10
