CVE-2025-4373
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 2.84.2 | affected | ||
| Red Hat | Red Hat Enterprise Linux 10 | 0:2.80.4-4.el10_0.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.56.4-166.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 0:2.56.4-8.el8_2.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:2.56.4-10.el8_4.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:2.56.4-10.el8_4.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:2.56.4-158.el8_6.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:2.56.4-158.el8_6.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:2.56.4-158.el8_6.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:2.56.4-162.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:2.56.4-162.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.68.4-16.el9_6.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.68.4-16.el9_6.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:2.68.4-5.el9_0.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:2.68.4-7.el9_2.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:2.68.4-14.el9_4.3 < * | unaffected |
| Red Hat | Red Hat Insights proxy 1.5 | 1.5.5-1754504343 < * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | rhosdt-3.6-1753265330 < * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | rhosdt-3.6-1753265394 < * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | rhosdt-3.6-1753265332 < * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | rhosdt-3.6-1753265435 < * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | rhosdt-3.6-1753265342 < * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | rhosdt-3.6-1753265332 < * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | rhosdt-3.6-1753269432 < * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | rhosdt-3.6-1753265411 < * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | rhosdt-3.6-1753265314 < * | unaffected |
Weaknesses
- CWE-124: Buffer Underwrite ('Buffer Underflow')
Workarounds
Currently, no mitigation is available for this vulnerability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://cert-portal.siemens.com/productcert/html/ssa-089022.html
References
- https://access.redhat.com/errata/RHSA-2025:10855
- https://access.redhat.com/errata/RHSA-2025:11140
- https://access.redhat.com/errata/RHSA-2025:11327
- https://access.redhat.com/errata/RHSA-2025:11373
- https://access.redhat.com/errata/RHSA-2025:11374
- https://access.redhat.com/errata/RHSA-2025:11662
- https://access.redhat.com/errata/RHSA-2025:12275
- https://access.redhat.com/errata/RHSA-2025:13335
- https://access.redhat.com/errata/RHSA-2025:14988
- https://access.redhat.com/errata/RHSA-2025:14989
- https://access.redhat.com/errata/RHSA-2025:14990
- https://access.redhat.com/errata/RHSA-2025:14991
- https://access.redhat.com/security/cve/CVE-2025-4373
- https://bugzilla.redhat.com/show_bug.cgi?id=2364265
- https://gitlab.gnome.org/GNOME/glib/-/issues/3677
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.