HomeRedhatCVE-2025-13601

CVE-2025-13601

HIGH
7.7CVSS
Published: 2025-11-26
Updated: 2026-02-06
AI Analysis

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

CVSS Metrics

Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
local
Complexity
low
Privileges
none
User Action
none
Scope
unchanged
Confidentiality
none
Integrity
high
Availability
high
Weaknesses
CWE-190

Metadata

Primary Vendor
REDHAT
Published
11/26/2025
Last Modified
2/6/2026
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

redhat : codeready_linux_builderredhat : codeready_linux_builder_for_ibm_z_systemsredhat : codeready_linux_builder_for_power_little_endianredhat : codeready_linux_builder_for_x86_64redhat : enterprise_linux_for_arm_64redhat : enterprise_linux_for_ibm_z_systemsredhat : enterprise_linux_for_power_little_endianredhat : enterprise_linux_for_x86_64redhat : codeready_linux_builder_for_arm64redhat : codeready_linux_builder_for_ibm_z_systemsredhat : codeready_linux_builder_for_power_little_endianredhat : codeready_linux_builder_for_x86_64redhat : enterprise_linux_for_arm_64redhat : enterprise_linux_for_ibm_z_systemsredhat : enterprise_linux_for_power_little_endianredhat : enterprise_linux_for_x86_64redhat : codeready_linux_builder_for_arm64redhat : codeready_linux_builder_for_ibm_z_systemsredhat : codeready_linux_builder_for_power_little_endianredhat : codeready_linux_builder_for_x86_64redhat : enterprise_linux_for_arm_64redhat : enterprise_linux_for_ibm_z_systemsredhat : enterprise_linux_for_power_little_endianredhat : enterprise_linux_for_x86_64redhat : enterprise_linux_for_arm_64redhat : enterprise_linux_for_ibm_z_systemsredhat : enterprise_linux_for_power_little_endianredhat : enterprise_linux_for_x86_64redhat : enterprise_linux_server_ausredhat : codeready_linux_builder_for_arm64_eusredhat : codeready_linux_builder_for_ibm_z_systemsredhat : codeready_linux_builder_for_power_little_endianredhat : codeready_linux_builder_for_x86_64redhat : enterprise_linux_for_arm_64redhat : enterprise_linux_for_ibm_z_systemsredhat : enterprise_linux_for_power_little_endianredhat : enterprise_linux_for_x86_64redhat : enterprise_linux_for_x86_64_eusredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_for_power_little_endianredhat : enterprise_linux_server_for_power_little_endian_eusredhat : codeready_linux_builder_for_arm64_eusredhat : codeready_linux_builder_for_ibm_z_systems_eusredhat : codeready_linux_builder_for_power_little_endian_eusredhat : codeready_linux_builder_for_x86_64_eusredhat : enterprise_linux_for_arm_64_eusredhat : enterprise_linux_for_ibm_z_systems_eusredhat : enterprise_linux_for_power_little_endian_eusredhat : enterprise_linux_for_x86_64_eusredhat : enterprise_linux_server_for_power_little_endianredhat : codeready_linux_builder_for_arm64redhat : codeready_linux_builder_for_ibm_z_systemsredhat : codeready_linux_builder_for_power_little_endianredhat : codeready_linux_builder_for_x86_64redhat : enterprise_linux_for_arm_64redhat : enterprise_linux_for_ibm_z_systemsredhat : enterprise_linux_for_power_little_endianredhat : enterprise_linux_for_power_little_endian_eusredhat : enterprise_linux_for_x86_64redhat : enterprise_linux_for_x86_64_eusredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_for_power_little_endianredhat : enterprise_linux_for_x86_64redhat : enterprise_linux_for_x86_64_eusredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_for_power_little_endianredhat : enterprise_linux_server_tusredhat : enterprise_linux_for_x86_64redhat : enterprise_linux_for_x86_64_eusredhat : enterprise_linux_server_for_power_little_endianredhat : enterprise_linux_server_tusredhat : enterprise_linux_for_x86_64_eusredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : ceph_storageredhat : discoverygnome : glib

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2025-13601 | HIGH Severity | CVEDatabase.com | CVEDatabase.com