CVE-2025-13601

Severity: High · CVSS 3.1: 7.7 · EPSS: 22.2%
Published Nov 26, 2025 · Last Modified Jun 17, 2026

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

CVSS Details

Base Score: 7.7
Exploitability: 2.5
Impact: 5.2
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 22.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-190: Integer Overflow or Wraparound (Numeric Error)

Affected Products 102

| Vendor | Product | Version | Range |
|---|---|---|---|
| redhat | codeready_linux_builder | 9.0 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian | 9.0_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64 | 9.0 | any |
| redhat | enterprise_linux_for_arm_64 | 9.0 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 9.0 | any |
| redhat | codeready_linux_builder_for_arm64 | 10.0 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems | 10.0_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian | 10.0_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64 | 10.0 | any |
| redhat | enterprise_linux_for_arm_64 | 10.0 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 10.0_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 10.0_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 10.0 | any |
| redhat | codeready_linux_builder_for_arm64 | 8.0 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems | 8.0_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64 | 8.0 | any |
| redhat | enterprise_linux_for_arm_64 | 8.0 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 8.0 | any |
| redhat | enterprise_linux_for_arm_64 | 9.2 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 9.2_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 9.2_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 9.2 | any |
| redhat | enterprise_linux_server_aus | 9.2 | any |
| redhat | codeready_linux_builder_for_arm64_eus | 9.4 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.4_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian | 9.4_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64 | 9.4 | any |
| redhat | enterprise_linux_for_arm_64 | 9.4 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 9.4_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 9.4_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 9.4 | any |
| redhat | enterprise_linux_for_x86_64_eus | 9.4 | any |
| redhat | enterprise_linux_server_aus | 9.4 | any |
| redhat | enterprise_linux_server_for_power_little_endian | 9.4_ppc64le | any |
| redhat | enterprise_linux_server_for_power_little_endian_eus | 9.4_ppc64le | any |
| redhat | codeready_linux_builder_for_arm64_eus | 10.0 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 10.0_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 10.0_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64_eus | 10.0 | any |
| redhat | enterprise_linux_for_arm_64_eus | 10.0 | any |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 10.0_s390x | any |
| redhat | enterprise_linux_for_power_little_endian_eus | 10.0_ppc64le | any |
| redhat | enterprise_linux_for_x86_64_eus | 10.0 | any |
| redhat | enterprise_linux_server_for_power_little_endian | 10.0_ppc64le | any |
| redhat | codeready_linux_builder_for_arm64 | 9.6 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.6_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian | 9.6_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64 | 9.6 | any |
| redhat | enterprise_linux_for_arm_64 | 9.6 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 9.6_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 9.6_ppc64le | any |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.6_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 9.6 | any |
| redhat | enterprise_linux_for_x86_64_eus | 9.6 | any |
| redhat | enterprise_linux_server_aus | 9.6 | any |
| redhat | enterprise_linux_server_for_power_little_endian | 9.6_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 8.6 | any |
| redhat | enterprise_linux_for_x86_64_eus | 8.6 | any |
| redhat | enterprise_linux_server_aus | 8.6 | any |
| redhat | enterprise_linux_server_for_power_little_endian | 8.6_ppc64le | any |
| redhat | enterprise_linux_server_tus | 8.6 | any |
| redhat | enterprise_linux_for_x86_64 | 8.8 | any |
| redhat | enterprise_linux_for_x86_64_eus | 8.8 | any |
| redhat | enterprise_linux_server_for_power_little_endian | 8.8_ppc64le | any |
| redhat | enterprise_linux_server_tus | 8.8 | any |
| redhat | enterprise_linux_for_x86_64_eus | 8.4 | any |
| redhat | enterprise_linux_server_aus | 8.4 | any |
| redhat | enterprise_linux_server_aus | 8.2 | any |
| redhat | ceph_storage | 8.0 | any |
| redhat | discovery | 2.0 | any |
| gnome | glib | * | <2.86.3 |
| redhat | openshift_container_platform | 4.12 | any |
| redhat | openshift_container_platform | 4.16 | any |
| redhat | openshift_container_platform | 4.17 | any |
| redhat | openshift_container_platform | 4.18 | any |
| redhat | openshift_container_platform | 4.19 | any |
| redhat | openshift_container_platform_for_arm64 | 4.12 | any |
| redhat | openshift_container_platform_for_arm64 | 4.16 | any |
| redhat | openshift_container_platform_for_arm64 | 4.17 | any |
| redhat | openshift_container_platform_for_arm64 | 4.18 | any |
| redhat | openshift_container_platform_for_arm64 | 4.19 | any |
| redhat | openshift_container_platform_for_ibm_z | 4.12 | any |
| redhat | openshift_container_platform_for_ibm_z | 4.16 | any |
| redhat | openshift_container_platform_for_ibm_z | 4.17 | any |
| redhat | openshift_container_platform_for_ibm_z | 4.18 | any |
| redhat | openshift_container_platform_for_ibm_z | 4.19 | any |
| redhat | openshift_container_platform_for_linuxone | 4.12 | any |
| redhat | openshift_container_platform_for_linuxone | 4.16 | any |
| redhat | openshift_container_platform_for_linuxone | 4.17 | any |
| redhat | openshift_container_platform_for_linuxone | 4.18 | any |
| redhat | openshift_container_platform_for_linuxone | 4.19 | any |
| redhat | openshift_container_platform_for_power | 4.12 | any |
| redhat | openshift_container_platform_for_power | 4.16 | any |
| redhat | openshift_container_platform_for_power | 4.17 | any |
| redhat | openshift_container_platform_for_power | 4.18 | any |
| redhat | openshift_container_platform_for_power | 4.19 | any |

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.