CVE-2025-0395 Information

Description

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails it does not allocate enough space for the assertion failure message string and size information which may lead to a buffer overflow if the message string size aligns to page size.

Reference

https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001 https://sourceware.org/pipermail/libc-announce/2025/000044.html https://www.openwall.com/lists/oss-security/2025/01/22/4