CVE-2025-0395 : When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

Published 2025-01-22 13:15:21

Updated 2025-04-30 05:15:47

Source glibc

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2025-0395

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2025-0395

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 45 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2025-0395

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-04
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2025-0395

CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Assigned by: 3ff69d7a-14f2-4f67-a097-88dee7810d18 (Secondary)

References for CVE-2025-0395

https://sourceware.org/pipermail/libc-announce/2025/000044.html

The GNU C Library security advisories update for 2025-01-22
http://www.openwall.com/lists/oss-security/2025/04/13/1
https://security.netapp.com/advisory/ntap-20250228-0006/

CVE-2025-0395 glibc Vulnerability in NetApp Products | NetApp Product Security
http://www.openwall.com/lists/oss-security/2025/01/22/4

oss-security - CVE-2025-0395: Buffer overflow in the GNU C Library's assert()
http://www.openwall.com/lists/oss-security/2025/04/24/7

oss-security - Re: CVE-2025-0395: Buffer overflow in the GNU C Library's assert()
https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html

[SECURITY] [DLA 4143-1] glibc security update
https://www.openwall.com/lists/oss-security/2025/01/22/4
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001

sourceware.org Git - glibc.git/blob - advisories/GLIBC-SA-2025-0001
http://www.openwall.com/lists/oss-security/2025/01/23/2

oss-security - Re: CVE-2025-0395: Buffer overflow in the GNU C Library's assert()
https://sourceware.org/bugzilla/show_bug.cgi?id=32582

32582 – (CVE-2025-0395) Insufficient allocation for abort_msg_s (CVE-2025-0395)

Jump to

Vulnerability Details : CVE-2025-0395

Products affected by CVE-2025-0395

Exploit prediction scoring system (EPSS) score for CVE-2025-0395

CVSS scores for CVE-2025-0395

CWE ids for CVE-2025-0395

References for CVE-2025-0395