CNNVD-202601-3273 Information

CNNVD ID

CNNVD-202601-3273

CVE-2025-15281

  • CNNVD Published: 2026-01-20

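Description (translated from Chinese)

GNU C Library is an open-source, free C-language compiler released by the GNU community under the LGPL license agreement. GNU C Library versions 2.0 through 2.42 contain a security vulnerability that stems from the possibility of uninitialized memory being returned when wordexp is called, which may cause the process to abort.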

Description (English)

GNU C Library is a free, open-source C-language compiler released by the GNU community under the LGPL license agreement. GNU C Library versions 2.0 to 2.42 contain a security vulnerability: a call to wordexp may return uninitialized memory, which could cause the process to abort.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

GNU

Published

2026-01-20

Last Modified

2026-02-24

References

  • https://sourceware.org/bugzilla/show_bug.cgi?id=33814
  • http://www.openwall.com/lists/oss-security/2026/01/20/3

Patch

https://www.gnu.org/software/libc/#download
