CNNVD-202507-3044 Information

CNNVD ID

CNNVD-202507-3044

CVE-2025-8058

  • CNNVD Published: 2025-07-23

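Description (translated from Chinese)

GNU C Library is free, open-source C-language software from the GNU community, released under the LGPL license. GNU C Library versions 2.4 through 2.41 contain a security vulnerability: the regcomp function performs a double free when certain allocations fail, which may lead to buffer manipulation.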

Description (English)

GNU C Library is free, open-source C-language software from the GNU community, distributed under the LGPL license. Versions 2.4 to 2.41 of the GNU C Library contain a security vulnerability that stems from a double free in the regcomp function on certain allocation failures, which may lead to buffer manipulation.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

GNU

Published

2025-07-23

Last Modified

2026-02-24

References

https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f
https://sourceware.org/bugzilla/show_bug.cgi?id=33185
https://www.oracle.com/security-alerts/cpuoct2025.html

Patch

https://www.gnu.org/software/libc/#download
