CVE-2025-13601
AST
High


CVSS
7.7
High
EPSS
0.00
p19
Published
2025-01-01
Updated
2025-01-01
Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Tags · CWE
CWE-190
CAPEC-92
Affected products
Ceph_storageDiscovery
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Timeline
2025-01-01
Published
2025-01-01
Updated
CVSS 3.1 breakdown
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): None (N)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)
Exploit indicators
EPSS
0.003 · p19
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product Vendor Status
glib2.0 Tracked
glib2.0 Tracked
glib2.0 Tracked
glib2.0 Tracked
glib2.0 Tracked
ceph_storage* Tracked
codeready_linux_builder* Tracked
codeready_linux_builder_for_arm64* Tracked
codeready_linux_builder_for_arm64* Tracked
codeready_linux_builder_for_arm64* Tracked
codeready_linux_builder_for_arm64_eus* Tracked
codeready_linux_builder_for_arm64_eus* Tracked
codeready_linux_builder_for_ibm_z_systems* Tracked
codeready_linux_builder_for_ibm_z_systems* Tracked
codeready_linux_builder_for_ibm_z_systems* Tracked
codeready_linux_builder_for_ibm_z_systems* Tracked
codeready_linux_builder_for_ibm_z_systems* Tracked
codeready_linux_builder_for_ibm_z_systems_eus* Tracked
codeready_linux_builder_for_power_little_endian* Tracked
codeready_linux_builder_for_power_little_endian* Tracked
Showing first 20 of 87
Source databases
AST
DEB
CVE
External references
https://access.redhat.com/errata/RHSA-2026:0936
https://access.redhat.com/errata/RHSA-2026:0975
https://access.redhat.com/errata/RHSA-2026:0991
https://access.redhat.com/errata/RHSA-2026:1323
https://access.redhat.com/errata/RHSA-2026:1324
https://access.redhat.com/errata/RHSA-2026:1326
https://access.redhat.com/errata/RHSA-2026:1327
https://access.redhat.com/errata/RHSA-2026:1465
https://access.redhat.com/errata/RHSA-2026:1608
https://access.redhat.com/errata/RHSA-2026:1624
https://access.redhat.com/errata/RHSA-2026:1625
https://access.redhat.com/errata/RHSA-2026:1626
https://access.redhat.com/errata/RHSA-2026:1627
https://access.redhat.com/errata/RHSA-2026:1652
https://access.redhat.com/errata/RHSA-2026:1736
https://access.redhat.com/errata/RHSA-2026:18344
https://access.redhat.com/errata/RHSA-2026:18705
https://access.redhat.com/errata/RHSA-2026:2064
https://access.redhat.com/errata/RHSA-2026:2072
https://access.redhat.com/errata/RHSA-2026:2485
https://access.redhat.com/errata/RHSA-2026:2563
https://access.redhat.com/errata/RHSA-2026:2633
https://access.redhat.com/errata/RHSA-2026:2659
https://access.redhat.com/errata/RHSA-2026:2671
https://access.redhat.com/errata/RHSA-2026:2974
https://access.redhat.com/errata/RHSA-2026:3415
https://access.redhat.com/errata/RHSA-2026:4419
https://access.redhat.com/errata/RHSA-2026:7461
https://access.redhat.com/security/cve/CVE-2025-13601
https://bugzilla.redhat.com/show_bug.cgi?id=2416741
https://gitlab.gnome.org/GNOME/glib/-/issues/3827
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
https://cert-portal.siemens.com/productcert/html/ssa-253495.html
https://www.cve.org/CVERecord?id=CVE-2025-13601