Integer overflow in Gnome Glib
CVE-2025-13601
A heap-based buffer overflow was found in glib, caused by an incorrect calculation of the buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need…
Vulnerability class: Integer Overflow
EPSS: 0.000 (2.3rd percentile)
CVSS v3 metric
CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.
Affected products
- Gnome Glib
- Red Hat Ceph Storage 8 — versions sha256:09aaeba975aa74bdf95d63e5619c0cabb1cd9e1410aa34e7f8ecf24a5e291d1a, 1769512383
- Red Hat Discovery 2 — versions 1769104765, 1769111774, sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6
- Red Hat Enterprise Linux 10 — versions 0:2.80.4-10.el10_1.12, 0:2.87.0-1.el10
- Red Hat Enterprise Linux 10.0 Extended Update Support — versions 0:2.80.4-4.el10_0.8
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7 Extended Lifecycle Support — versions 0:2.56.1-11.el7_9
- Red Hat Enterprise Linux 8 — versions 0:2.56.4-168.el8_10
- Red Hat Enterprise Linux 8.2 Advanced Update Support — versions 0:2.56.4-8.el8_2.4
- Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support — versions 0:2.56.4-10.el8_4.4
Frequently asked questions
- What is CVE-2025-13601?
- CVE-2025-13601 is a high-severity vulnerability in Gnome Glib, classified under Integer Overflow or Wraparound. CVSS score: 7.7/10. Published 2025-11-26.
- How severe is CVE-2025-13601?
- High severity. CVSS v3 base score is 7.7 out of 10.