From: Adhemerval Zanella Date: Wed, 23 Jul 2025 19:09:19 +0000 (-0300) Subject: Advisory text for CVE-2025-8058 X-Git-Tag: glibc-2.42~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ff17af18c38727b88d9115e536c069e6b5d601f;p=thirdparty%2Fglibc.git Advisory text for CVE-2025-8058 The fix is already installed (7ea06e994093fa0bcca0d0ee2c1db271d8d7885d). Reviewed-by: Carlos O'Donell --- diff --git a/advisories/GLIBC-SA-2025-0005 b/advisories/GLIBC-SA-2025-0005 new file mode 100644 index 0000000000..8bcccc59a5 --- /dev/null +++ b/advisories/GLIBC-SA-2025-0005 @@ -0,0 +1,14 @@ +posix: Fix double-free after allocation failure in regcomp + +The regcomp function in the GNU C library version from 2.4 to 2.41 is +subject to a double free if some previous allocation fails. It can be +accomplished either by a malloc failure or by using an interposed +malloc that injects random malloc failures. The double free can allow +buffer manipulation depending of how the regex is constructed. +This issue affects all architectures and ABIs supported by the GNU C +library. + +CVE-Id: CVE-2025-8058 +Public-Date: 2025-07-22 +Vulnerable-Commit: 963d8d782fc98fb6dc3a66f0068795f9920c269d (2.3.3-1596) +Fix-Commit: 7ea06e994093fa0bcca0d0ee2c1db271d8d7885d (2.42)
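Review bot: In the description paragraph of the new advisories/GLIBC-SA-2025-0005 file, the sentence "It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures" has no clear antecedent for "It", and it reads as if the double free itself is what gets accomplished. Suggest naming the precondition directly, for example "The allocation failure can occur on its own or be injected by an interposed malloc". In the same paragraph, "version from 2.4 to 2.41" should read "versions 2.4 to 2.41" and "depending of how" should read "depending on how". The stated lower bound of 2.4 sits next to a Vulnerable-Commit annotated "(2.3.3-1596)", so it is worth confirming that 2.4 is the first release containing that commit, or saying how the range was derived. Finally, "can allow buffer manipulation" does not tell a reader what the consequence is. One sentence on the expected impact would help downstream triage.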