CVE-2025-13601
Severity HIGH · EPSS 22.2%
Published Nov 26, 2025 (7mo ago) · Modified Jun 17, 2026 (1w ago)
CVSS 3.1 base score 7.7
Description
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
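The description names the bug class, not the arithmetic, so here is an added illustration of that class (not glib's code and not the upstream fix): an escaped-length computation whose intermediate `2 * n` wraps, beside one that refuses to return a size when any step overflows. The 32-bit counter in the unchecked version is a constructed assumption so the wrap is reachable in a test; the allow-set in `count_unacceptable` is likewise constructed, not glib's reserved-character table.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustration only: not glib's code. Escaping one unacceptable character
 * turns 1 byte into "%XX" (3 bytes), so an input of len bytes holding n such
 * characters needs len + 2*n + 1 bytes, the +1 for the NUL terminator. */

/* Unchecked computation on a 32-bit counter (constructed for this demo).
 * Once 2*n leaves the counter's range the sum wraps, and the caller receives
 * a small, plausible-looking allocation size for a string that is far larger:
 * the setup for a write past the end of the buffer that the CVE describes. */
static uint32_t escaped_len_unchecked(uint32_t len, uint32_t unacceptable)
{
    return len + 2u * unacceptable + 1u;   /* unsigned wrap, no diagnostic */
}

/* Checked computation: each step goes through the GCC/Clang overflow
 * builtins. Returns 0 on overflow; a genuine result is never 0 because the
 * terminator always contributes one byte, so 0 is an unambiguous failure. */
static size_t escaped_len_checked(size_t len, size_t unacceptable)
{
    size_t extra, total;
    if (__builtin_mul_overflow(unacceptable, (size_t)2, &extra)) return 0;
    if (__builtin_add_overflow(len, extra, &total)) return 0;
    if (__builtin_add_overflow(total, (size_t)1, &total)) return 0;
    return total;
}

/* Count bytes that would need escaping. "Unacceptable" here means anything
 * outside a small constructed allow-set; glib's real table is larger. */
static size_t count_unacceptable(const char *s, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '/' || c == '.' || c == '-';
        if (!ok) n++;
    }
    return n;
}
```

The checked variant is the shape of mitigation a reviewer looks for wherever a length is derived from attacker-controlled input: fail the allocation rather than let the size silently shrink.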
CVSS Details
Base Score 7.7 (Exploitability 2.5, Impact 5.2; subscores derived from the vector)
Vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

| Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | High |
| Availability | High |
Threat Intelligence
EPSS Exploit Probability: 22.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses (1)
CWE-190: Integer Overflow or Wraparound (Numeric Errors)
Affected Products (102)
| Vendor | Product | Version | Range |
|---|---|---|---|
| redhat | codeready_linux_builder | 9.0 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian | 9.0_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64 | 9.0 | any |
| redhat | enterprise_linux_for_arm_64 | 9.0 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 9.0 | any |
| redhat | codeready_linux_builder_for_arm64 | 10.0 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems | 10.0_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian | 10.0_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64 | 10.0 | any |
| redhat | enterprise_linux_for_arm_64 | 10.0 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 10.0_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 10.0_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 10.0 | any |
| redhat | codeready_linux_builder_for_arm64 | 8.0 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems | 8.0_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64 | 8.0 | any |
| redhat | enterprise_linux_for_arm_64 | 8.0 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 8.0 | any |
| redhat | enterprise_linux_for_arm_64 | 9.2 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 9.2_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 9.2_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 9.2 | any |
| redhat | enterprise_linux_server_aus | 9.2 | any |
| redhat | codeready_linux_builder_for_arm64_eus | 9.4 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.4_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian | 9.4_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64 | 9.4 | any |
| redhat | enterprise_linux_for_arm_64 | 9.4 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 9.4_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 9.4_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 9.4 | any |
| redhat | enterprise_linux_for_x86_64_eus | 9.4 | any |
| redhat | enterprise_linux_server_aus | 9.4 | any |
| redhat | enterprise_linux_server_for_power_little_endian | 9.4_ppc64le | any |
| redhat | enterprise_linux_server_for_power_little_endian_eus | 9.4_ppc64le | any |
| redhat | codeready_linux_builder_for_arm64_eus | 10.0 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 10.0_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 10.0_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64_eus | 10.0 | any |
| redhat | enterprise_linux_for_arm_64_eus | 10.0 | any |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 10.0_s390x | any |
| redhat | enterprise_linux_for_power_little_endian_eus | 10.0_ppc64le | any |
| redhat | enterprise_linux_for_x86_64_eus | 10.0 | any |
| redhat | enterprise_linux_server_for_power_little_endian | 10.0_ppc64le | any |
| redhat | codeready_linux_builder_for_arm64 | 9.6 | any |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.6_s390x | any |
| redhat | codeready_linux_builder_for_power_little_endian | 9.6_ppc64le | any |
| redhat | codeready_linux_builder_for_x86_64 | 9.6 | any |
| redhat | enterprise_linux_for_arm_64 | 9.6 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 9.6_s390x | any |
| redhat | enterprise_linux_for_power_little_endian | 9.6_ppc64le | any |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.6_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 9.6 | any |
| redhat | enterprise_linux_for_x86_64_eus | 9.6 | any |
| redhat | enterprise_linux_server_aus | 9.6 | any |
| redhat | enterprise_linux_server_for_power_little_endian | 9.6_ppc64le | any |
| redhat | enterprise_linux_for_x86_64 | 8.6 | any |
| redhat | enterprise_linux_for_x86_64_eus | 8.6 | any |
| redhat | enterprise_linux_server_aus | 8.6 | any |
| redhat | enterprise_linux_server_for_power_little_endian | 8.6_ppc64le | any |
| redhat | enterprise_linux_server_tus | 8.6 | any |
| redhat | enterprise_linux_for_x86_64 | 8.8 | any |
| redhat | enterprise_linux_for_x86_64_eus | 8.8 | any |
| redhat | enterprise_linux_server_for_power_little_endian | 8.8_ppc64le | any |
| redhat | enterprise_linux_server_tus | 8.8 | any |
| redhat | enterprise_linux_for_x86_64_eus | 8.4 | any |
| redhat | enterprise_linux_server_aus | 8.4 | any |
| redhat | enterprise_linux_server_aus | 8.2 | any |
| redhat | ceph_storage | 8.0 | any |
| redhat | discovery | 2.0 | any |
| gnome | glib | * | <2.86.3 |
| redhat | openshift_container_platform | 4.12 | any |
| redhat | openshift_container_platform | 4.16 | any |
| redhat | openshift_container_platform | 4.17 | any |
| redhat | openshift_container_platform | 4.18 | any |
| redhat | openshift_container_platform | 4.19 | any |
| redhat | openshift_container_platform_for_arm64 | 4.12 | any |
| redhat | openshift_container_platform_for_arm64 | 4.16 | any |
| redhat | openshift_container_platform_for_arm64 | 4.17 | any |
| redhat | openshift_container_platform_for_arm64 | 4.18 | any |
| redhat | openshift_container_platform_for_arm64 | 4.19 | any |
| redhat | openshift_container_platform_for_ibm_z | 4.12 | any |
| redhat | openshift_container_platform_for_ibm_z | 4.16 | any |
| redhat | openshift_container_platform_for_ibm_z | 4.17 | any |
| redhat | openshift_container_platform_for_ibm_z | 4.18 | any |
| redhat | openshift_container_platform_for_ibm_z | 4.19 | any |
| redhat | openshift_container_platform_for_linuxone | 4.12 | any |
| redhat | openshift_container_platform_for_linuxone | 4.16 | any |
| redhat | openshift_container_platform_for_linuxone | 4.17 | any |
| redhat | openshift_container_platform_for_linuxone | 4.18 | any |
| redhat | openshift_container_platform_for_linuxone | 4.19 | any |
| redhat | openshift_container_platform_for_power | 4.12 | any |
| redhat | openshift_container_platform_for_power | 4.16 | any |
| redhat | openshift_container_platform_for_power | 4.17 | any |
| redhat | openshift_container_platform_for_power | 4.18 | any |
| redhat | openshift_container_platform_for_power | 4.19 | any |
References (33)
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:0936
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:0975
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:0991
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1323
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1324
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1326
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1327
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1465
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1608
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1624
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1625
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1626
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1627
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1652
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:1736
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:18344
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:18705
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:2064
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:2072
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:2485
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:2563
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:2633
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:2659
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:2671
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:2974
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:3415
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:4419
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:7461
- access.redhat.com https://access.redhat.com/security/cve/CVE-2025-13601
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2416741
- cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-253495.html
- gitlab.gnome.org https://gitlab.gnome.org/GNOME/glib/-/issues/3827
- gitlab.gnome.org https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
Remediation
No remediation data recorded yet.
Check the vendor advisories and the NVD entry for patch availability. The affected-products table above lists upstream gnome glib at versions below 2.86.3, and the references include the Red Hat errata (RHSA) together with the upstream GNOME issue and merge request.