CVE-2025-13601 | THREATINT

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

PUBLISHED Reserved 2025-11-24 | Published 2025-11-26 | Updated 2026-05-19 | Assigner redhat

HIGH: 7.7CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Problem types

Integer Overflow or Wraparound

Product status

Default status

unaffected

Any version before 2.86.3

affected

Default status

affected

0:2.80.4-10.el10_1.12 (rpm) before *

unaffected

Default status

affected

0:2.87.0-1.el10 (rpm) before *

unaffected

Default status

affected

0:2.80.4-4.el10_0.8 (rpm) before *

unaffected

Default status

affected

0:2.56.1-11.el7_9 (rpm) before *

unaffected

Default status

affected

0:2.56.4-168.el8_10 (rpm) before *

unaffected

Default status

affected

0:2.56.4-8.el8_2.4 (rpm) before *

unaffected

Default status

affected

0:2.56.4-10.el8_4.4 (rpm) before *

unaffected

Default status

affected

0:2.56.4-10.el8_4.4 (rpm) before *

unaffected

Default status

affected

0:2.56.4-158.el8_6.4 (rpm) before *

unaffected

Default status

affected

0:2.56.4-158.el8_6.4 (rpm) before *

unaffected

Default status

affected

0:2.56.4-158.el8_6.4 (rpm) before *

unaffected

Default status

affected

0:2.56.4-164.el8_8 (rpm) before *

unaffected

Default status

affected

0:2.56.4-164.el8_8 (rpm) before *

unaffected

Default status

affected

0:2.68.4-18.el9_7.1 (rpm) before *

unaffected

Default status

affected

0:2.68.4-18.el9_7.1 (rpm) before *

unaffected

Default status

affected

0:2.68.4-5.el9_0.4 (rpm) before *

unaffected

Default status

affected

0:2.68.4-7.el9_2.4 (rpm) before *

unaffected

Default status

affected

0:2.68.4-14.el9_4.5 (rpm) before *

unaffected

Default status

affected

0:2.68.4-16.el9_6.4 (rpm) before *

unaffected

Default status

affected

412.86.202602021310-0 (rpm) before *

unaffected

Default status

affected

413.92.202602240113-0 (rpm) before *

unaffected

Default status

affected

414.92.202602171627-0 (rpm) before *

unaffected

Default status

affected

415.92.202603101737-0 (rpm) before *

unaffected

Default status

affected

416.94.202602101357-0 (rpm) before *

unaffected

Default status

affected

417.94.202602090846-0 (rpm) before *

unaffected

Default status

affected

418.94.202602022246-0 (rpm) before *

unaffected

Default status

affected

4.19.9.6.202602112047-0 (rpm) before *

unaffected

Default status

affected

1769512383 (rpm) before *

unaffected

Default status

affected

1769104765 (rpm) before *

unaffected

Default status

affected

1769111774 (rpm) before *

unaffected

Default status

affected

2.88.0-1.1.hum1 (rpm) before *

unaffected

Default status

affected

1770740405 (rpm) before *

unaffected

Default status

affected

1770808689 (rpm) before *

unaffected

Default status

affected

1770807477 (rpm) before *

unaffected

Default status

affected

1770646925 (rpm) before *

unaffected

Default status

affected

1770808765 (rpm) before *

unaffected

Default status

unknown

Default status

affected

Default status

affected

Timeline

2025-11-24:	Reported to Red Hat.
2025-11-24:	Made public.

References

access.redhat.com/errata/RHSA-2026:0936 (RHSA-2026:0936) vendor-advisory

access.redhat.com/errata/RHSA-2026:0975 (RHSA-2026:0975) vendor-advisory

access.redhat.com/errata/RHSA-2026:0991 (RHSA-2026:0991) vendor-advisory

access.redhat.com/errata/RHSA-2026:1323 (RHSA-2026:1323) vendor-advisory

access.redhat.com/errata/RHSA-2026:1324 (RHSA-2026:1324) vendor-advisory

access.redhat.com/errata/RHSA-2026:1326 (RHSA-2026:1326) vendor-advisory

access.redhat.com/errata/RHSA-2026:1327 (RHSA-2026:1327) vendor-advisory

access.redhat.com/errata/RHSA-2026:1465 (RHSA-2026:1465) vendor-advisory

access.redhat.com/errata/RHSA-2026:1608 (RHSA-2026:1608) vendor-advisory

access.redhat.com/errata/RHSA-2026:1624 (RHSA-2026:1624) vendor-advisory

access.redhat.com/errata/RHSA-2026:1625 (RHSA-2026:1625) vendor-advisory

access.redhat.com/errata/RHSA-2026:1626 (RHSA-2026:1626) vendor-advisory

access.redhat.com/errata/RHSA-2026:1627 (RHSA-2026:1627) vendor-advisory

access.redhat.com/errata/RHSA-2026:1652 (RHSA-2026:1652) vendor-advisory

access.redhat.com/errata/RHSA-2026:1736 (RHSA-2026:1736) vendor-advisory

access.redhat.com/errata/RHSA-2026:18344 (RHSA-2026:18344) vendor-advisory

access.redhat.com/errata/RHSA-2026:2064 (RHSA-2026:2064) vendor-advisory

access.redhat.com/errata/RHSA-2026:2072 (RHSA-2026:2072) vendor-advisory

access.redhat.com/errata/RHSA-2026:2485 (RHSA-2026:2485) vendor-advisory

access.redhat.com/errata/RHSA-2026:2563 (RHSA-2026:2563) vendor-advisory

access.redhat.com/errata/RHSA-2026:2633 (RHSA-2026:2633) vendor-advisory

access.redhat.com/errata/RHSA-2026:2659 (RHSA-2026:2659) vendor-advisory

access.redhat.com/errata/RHSA-2026:2671 (RHSA-2026:2671) vendor-advisory

access.redhat.com/errata/RHSA-2026:2974 (RHSA-2026:2974) vendor-advisory

access.redhat.com/errata/RHSA-2026:3415 (RHSA-2026:3415) vendor-advisory

access.redhat.com/errata/RHSA-2026:4419 (RHSA-2026:4419) vendor-advisory

access.redhat.com/errata/RHSA-2026:7461 (RHSA-2026:7461) vendor-advisory

access.redhat.com/security/cve/CVE-2025-13601 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2416741 (RHBZ#2416741) issue-tracking

gitlab.gnome.org/GNOME/glib/-/issues/3827

gitlab.gnome.org/GNOME/glib/-/merge_requests/4914

cve.org (CVE-2025-13601)

nvd.nist.gov (CVE-2025-13601)

Download JSON