VDB

DEBIAN-CVE-2025-8058

DEBIAN-CVE-2025-8058 PUBLISHED CVSS 5.9 MEDIUM

The regcomp function in the GNU C library versions 2.4 through 2.41 is subject to a double free if some previous allocation fails. This can be triggered either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation, depending on how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.

Risk Scores

CVSS 4.0
5.9
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Debian:12 | glibc | *, 2.36-9, 2.36-9 |
| Debian:13 | glibc | 0, 0 |
| Debian:11 | glibc | 2.33-0experimental3, 2.33-1, 2.33-1+qemu |
| Debian:14 | glibc | 0, 0 |

Exploit Intelligence

Timeline

  • Jul 23, 2025 CVE Published
  • Apr 28, 2026 CVE Updated