CVE-2025-3360 | THREATINT

Description

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.

PUBLISHED Reserved 2025-04-07 | Published 2025-04-07 | Updated 2025-11-21 | Assigner redhat

LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

Integer Overflow or Wraparound

Product status

Default status

unaffected

Any version before 2.82.5

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

unknown

Default status

unknown

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Timeline

2025-04-07:	Reported to Red Hat.
2025-04-07:	Made public.

References

lists.debian.org/debian-lts-announce/2025/04/msg00024.html

access.redhat.com/security/cve/CVE-2025-3360 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2357754 (RHBZ#2357754) issue-tracking

cve.org (CVE-2025-3360)

nvd.nist.gov (CVE-2025-3360)

Download JSON