git.ipfire.org Git - thirdparty/glibc.git/commitdiff
Advisory text for CVE-2025-8058
author Adhemerval Zanella <adhemerval.zanella@linaro.org>
Wed, 23 Jul 2025 19:09:19 +0000 (16:09 -0300)
committer Adhemerval Zanella <adhemerval.zanella@linaro.org>
Wed, 23 Jul 2025 19:49:03 +0000 (16:49 -0300)
The fix is already installed (7ea06e994093fa0bcca0d0ee2c1db271d8d7885d).

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
advisories/GLIBC-SA-2025-0005 [new file with mode: 0644]

diff --git a/advisories/GLIBC-SA-2025-0005 b/advisories/GLIBC-SA-2025-0005
new file mode 100644 (file)
index 0000000..8bcccc5
--- /dev/null
@@ -0,0 +1,14 @@
+posix: Fix double-free after allocation failure in regcomp
+
+The regcomp function in the GNU C library version from 2.4 to 2.41 is
+subject to a double free if some previous allocation fails. It can be
+accomplished either by a malloc failure or by using an interposed
+malloc that injects random malloc failures. The double free can allow
+buffer manipulation depending of how the regex is constructed.
+This issue affects all architectures and ABIs supported by the GNU C
+library.
+
+CVE-Id: CVE-2025-8058
+Public-Date: 2025-07-22
+Vulnerable-Commit: 963d8d782fc98fb6dc3a66f0068795f9920c269d (2.3.3-1596)
+Fix-Commit: 7ea06e994093fa0bcca0d0ee2c1db271d8d7885d (2.42)
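Review bot: The affected range in the description ("version from 2.4 to 2.41") does not obviously line up with the Vulnerable-Commit annotation "(2.3.3-1596)", which places the introducing commit after 2.3.3 rather than at 2.4. Please confirm which release first shipped that commit and make the prose and the metadata agree, since downstream tooling and distributors will read the lower bound from one or the other. Two wording points in the same paragraph: "It can be accomplished either by a malloc failure..." has no clear antecedent (the sentence appears to describe how the allocation failure is triggered, not the double free itself), so something like "The allocation failure can be caused either by..." would read better, and "depending of how" should be "depending on how". "Can allow buffer manipulation" is also vague for an advisory; if the impact is known more precisely (for example, heap corruption), stating it would help readers triage.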