CVE-2025-0395: When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message...

Description

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

Classification

CVE ID: CVE-2025-0395

Affected Products

Vendor: The GNU C Library

Product: glibc

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.97% (scored less or equal to compared to others)

EPSS Date: 2025-02-20 (when was this score calculated)

References

https://www.openwall.com/lists/oss-security/2025/01/22/4
https://sourceware.org/bugzilla/show_bug.cgi?id=32582
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001
https://sourceware.org/pipermail/libc-announce/2025/000044.html

Timeline

2025-01-23 00:30:49 UTC
CVE

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message...
2025-04-15 11:15:26 UTC
Tenable Plugins

AlmaLinux 8 : glibc (ALSA-2025:3828)
2025-04-17 11:30:40 UTC
Tenable Plugins

Amazon Linux 2 : glibc (ALAS-2025-2828)