CVE-2025-13601High
AST
AST
Astra Linux Security Bulletins
Astra publishes per-release bulletins that map upstream CVEs to their own package repositories, with remediation timelines tied to the certification level (SE 1.7, CE 2.12, etc.). Indispensable for systems that require ФСТЭК/ФСБ clearance.
Region
RU
Updates
24 ч
License
Открытые данные
Vendor security bulletins for Astra Linux Special Edition and Common Edition — the primary certified Linux OS for Russian defense and critical infrastructure.
https://wiki.astralinux.ru/pages/viewpage.action?pageId=27362056 →Share link
Anyone with the link can open this vulnerability.
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() functio…
CVSS
7.7
High
EPSS
0.00
p19
Published
2025-01-01
Updated
2025-01-01
Description
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Tags · CWE
CWE-190
CWE-190BaseStable
Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://cwe.mitre.org/data/definitions/190.html →Open in CWE collection →CAPEC-92
CAPEC-92DetailedDraft
Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
https://capec.mitre.org/data/definitions/92.html →Open in CAPEC collection →Affected products
Ceph_storageDiscovery
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Timeline
2025-01-01
Published
2025-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.003 · p19
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Red Hat
Enterprise Linux Server AusEnterprise Linux Server TusOpenshift Container PlatformEnterprise Linux For Ibm Z SystemsEnterprise Linux For Power Little EndianEnterprise Linux For Power Little Endian EusEnterprise Linux For Ibm Z Systems EusEnterprise Linux For Arm 64Ceph StorageCodeready Linux Builder+18
| Product | Vendor | Status |
|---|---|---|
| glib2.0 | Tracked | |
| glib2.0 | Tracked | |
| glib2.0 | Tracked | |
| glib2.0 | Tracked | |
| glib2.0 | Tracked | |
| ceph_storage | * | Tracked |
| codeready_linux_builder | * | Tracked |
| codeready_linux_builder_for_arm64 | * | Tracked |
| codeready_linux_builder_for_arm64 | * | Tracked |
| codeready_linux_builder_for_arm64 | * | Tracked |
| codeready_linux_builder_for_arm64_eus | * | Tracked |
| codeready_linux_builder_for_arm64_eus | * | Tracked |
| codeready_linux_builder_for_ibm_z_systems | * | Tracked |
| codeready_linux_builder_for_ibm_z_systems | * | Tracked |
| codeready_linux_builder_for_ibm_z_systems | * | Tracked |
| codeready_linux_builder_for_ibm_z_systems | * | Tracked |
| codeready_linux_builder_for_ibm_z_systems | * | Tracked |
| codeready_linux_builder_for_ibm_z_systems_eus | * | Tracked |
| codeready_linux_builder_for_power_little_endian | * | Tracked |
| codeready_linux_builder_for_power_little_endian | * | Tracked |
Showing first 20 of 87
Source databases
AST
AST
Astra Linux Security Bulletins
Astra publishes per-release bulletins that map upstream CVEs to their own package repositories, with remediation timelines tied to the certification level (SE 1.7, CE 2.12, etc.). Indispensable for systems that require ФСТЭК/ФСБ clearance.
Region
RU
Updates
24 ч
License
Открытые данные
Vendor security bulletins for Astra Linux Special Edition and Common Edition — the primary certified Linux OS for Russian defense and critical infrastructure.
https://wiki.astralinux.ru/pages/viewpage.action?pageId=27362056 →DEB
DEB
Debian Security Advisories (DSA)
DSAs are published by the Debian Security Team for issues affecting the stable distribution. The downstream tracker (security-tracker.debian.org) additionally maps every CVE to its package-level status across all supported suites.
Region
Intl.
Updates
1 ч
License
Public Domain
Advisories covering the Debian stable and oldstable releases. Ship notes include the exact .deb version that remediates each issue.
https://www.debian.org/security/ →CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →Related vulnerabilities
External references
https://access.redhat.com/errata/RHSA-2026:0936@https://access.redhat.com/errata/RHSA-2026:0975@https://access.redhat.com/errata/RHSA-2026:0991@https://access.redhat.com/errata/RHSA-2026:1323@https://access.redhat.com/errata/RHSA-2026:1324@https://access.redhat.com/errata/RHSA-2026:1326@https://access.redhat.com/errata/RHSA-2026:1327@https://access.redhat.com/errata/RHSA-2026:1465@https://access.redhat.com/errata/RHSA-2026:1608@https://access.redhat.com/errata/RHSA-2026:1624@https://access.redhat.com/errata/RHSA-2026:1625@https://access.redhat.com/errata/RHSA-2026:1626@https://access.redhat.com/errata/RHSA-2026:1627@https://access.redhat.com/errata/RHSA-2026:1652@https://access.redhat.com/errata/RHSA-2026:1736@https://access.redhat.com/errata/RHSA-2026:18344@https://access.redhat.com/errata/RHSA-2026:18705@https://access.redhat.com/errata/RHSA-2026:2064@https://access.redhat.com/errata/RHSA-2026:2072@https://access.redhat.com/errata/RHSA-2026:2485@https://access.redhat.com/errata/RHSA-2026:2563@https://access.redhat.com/errata/RHSA-2026:2633@https://access.redhat.com/errata/RHSA-2026:2659@https://access.redhat.com/errata/RHSA-2026:2671@https://access.redhat.com/errata/RHSA-2026:2974@https://access.redhat.com/errata/RHSA-2026:3415@https://access.redhat.com/errata/RHSA-2026:4419@https://access.redhat.com/errata/RHSA-2026:7461@https://access.redhat.com/security/cve/CVE-2025-13601@https://bugzilla.redhat.com/show_bug.cgi?id=2416741@https://gitlab.gnome.org/GNOME/glib/-/issues/3827@https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914@https://cert-portal.siemens.com/productcert/html/ssa-253495.htmlhttps://www.cve.org/CVERecord?id=CVE-2025-13601@https://access.redhat.com/security/cve/CVE-2025-13601@https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914