DEBIAN-CVE-2025-8058
PUBLISHED
CVSS 5.9 MEDIUM
The regcomp function in the GNU C library versions 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be triggered either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending on how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.
Risk Scores
CVSS 4.0
5.9
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | glibc | *, 2.36-9, 2.36-9 |
| Debian:13 | glibc | 0, 0 |
| Debian:11 | glibc | 2.33-0experimental3, 2.33-1, 2.33-1+qemu |
| Debian:14 | glibc | 0, 0 |
Exploit Intelligence
- summary.html (github-poc)
- glibc.rb (github-poc)
- glibc.rb (github-poc)
Timeline
- Jul 23, 2025 CVE Published
- Apr 28, 2026 CVE Updated