CVEFinder.io

CVE-2025-13601

⚠️ high
Summary

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

CVSS Score
7.7
High
EPSS Score
0.0
Exploit Probability
Published Date
2025-11-26
First Seen: 2026-01-05
Last Modified 2026-02-06
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE IDs (Weakness Types)
CWE-190

πŸ”— References 19

https://access.redhat.com/errata/RHSA-2026:0936
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0975
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0991
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1323
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1324
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1326
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1327
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1465
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1608
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1624
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1625
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1626
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1627
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1652
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1736
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-13601
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2416741
Issue Tracking Vendor Advisory
https://gitlab.gnome.org/GNOME/glib/-/issues/3827
Exploit Issue Tracking
https://gitlab.gnome.org/GNOME/glib/-/merge_requests...
Third Party Advisory

πŸ“¦ Affected Products 56

Vendor Product Status Affected Versions
gnome glib Affected
< 2.86.3
redhat enterprise_linux_for_power_little_endian Affected
v10.0_ppc64le
redhat enterprise_linux_for_power_little_endian Affected
v8.0_ppc64le
redhat enterprise_linux_for_power_little_endian Affected
v9.0_ppc64le
redhat enterprise_linux_for_power_little_endian Affected
v9.2_ppc64le
redhat enterprise_linux_for_power_little_endian Affected
v9.4_ppc64le
redhat enterprise_linux_for_power_little_endian Affected
v9.6_ppc64le
redhat enterprise_linux_for_ibm_z_systems Affected
v10.0_s390x
redhat enterprise_linux_for_ibm_z_systems Affected
v8.0_s390x
redhat enterprise_linux_for_ibm_z_systems Affected
v9.0_s390x
redhat enterprise_linux_for_ibm_z_systems Affected
v9.2_s390x
redhat enterprise_linux_for_ibm_z_systems Affected
v9.4_s390x
redhat enterprise_linux_for_ibm_z_systems Affected
v9.6_s390x
redhat enterprise_linux_for_power_little_endian_eus Affected
v10.0_ppc64le
redhat enterprise_linux_for_power_little_endian_eus Affected
v9.6_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus Affected
v10.0_s390x
redhat enterprise_linux_server_tus Affected
v8.6
redhat enterprise_linux_server_tus Affected
v8.8
redhat enterprise_linux_server_aus Affected
v8.2
redhat enterprise_linux_server_aus Affected
v8.4
redhat enterprise_linux_server_aus Affected
v8.6
redhat enterprise_linux_server_aus Affected
v9.2
redhat enterprise_linux_server_aus Affected
v9.4
redhat enterprise_linux_server_aus Affected
v9.6
redhat ceph_storage Affected
v8.0
redhat discovery Affected
v2.0
redhat enterprise_linux_server_for_power_little_endian Affected
v10.0_ppc64le
redhat enterprise_linux_server_for_power_little_endian Affected
v8.6_ppc64le
redhat enterprise_linux_server_for_power_little_endian Affected
v8.8_ppc64le
redhat enterprise_linux_server_for_power_little_endian Affected
v9.4_ppc64le
redhat enterprise_linux_server_for_power_little_endian Affected
v9.6_ppc64le
redhat codeready_linux_builder Affected
v9.0
redhat codeready_linux_builder_for_ibm_z_systems Affected
v10.0_s390x
redhat codeready_linux_builder_for_ibm_z_systems Affected
v8.0_s390x
redhat codeready_linux_builder_for_ibm_z_systems Affected
v9.0_s390x
redhat codeready_linux_builder_for_ibm_z_systems Affected
v9.4_s390x
redhat codeready_linux_builder_for_ibm_z_systems Affected
v9.6_s390x
redhat codeready_linux_builder_for_power_little_endian Affected
v10.0_ppc64le
redhat codeready_linux_builder_for_power_little_endian Affected
v8.0_ppc64le
redhat codeready_linux_builder_for_power_little_endian Affected
v9.0_ppc64le
redhat codeready_linux_builder_for_power_little_endian Affected
v9.4_ppc64le
redhat codeready_linux_builder_for_power_little_endian Affected
v9.6_ppc64le
redhat codeready_linux_builder_for_power_little_endian_eus Affected
v10.0_ppc64le
redhat codeready_linux_builder_for_arm64_eus Affected
v10.0
redhat codeready_linux_builder_for_arm64_eus Affected
v9.4
redhat codeready_linux_builder_for_ibm_z_systems_eus Affected
v10.0_s390x
redhat enterprise_linux_for_arm_64 Affected
v10.0
redhat enterprise_linux_for_arm_64 Affected
v8.0
redhat enterprise_linux_for_arm_64 Affected
v9.0
redhat enterprise_linux_for_arm_64 Affected
v9.2
redhat enterprise_linux_for_arm_64 Affected
v9.4
redhat enterprise_linux_for_arm_64 Affected
v9.6
redhat enterprise_linux_for_arm_64_eus Affected
v10.0
redhat codeready_linux_builder_for_arm64 Affected
v10.0
redhat codeready_linux_builder_for_arm64 Affected
v8.0
redhat codeready_linux_builder_for_arm64 Affected
v9.6

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14874 ⚠️ high 7.5 0.1 A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header t... 2025-12-18
CVE-2025-14512 πŸ”Ά medium 6.5 0.1 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov... 2025-12-11
CVE-2025-14087 πŸ”Ά medium 5.6 0.3 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a... 2025-12-10
CVE-2025-4056 ⚠️ high 7.5 0.1 A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a progr... 2025-07-28
CVE-2025-6052 ℹ️ low 3.7 0.1 A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, ... 2025-06-13
CVE-2025-6021 ⚠️ high 7.5 0.6 A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a ... 2025-06-12
These CVEs affect the same products