CVE Alert

CVE-2025-0395

CVSS Score 6.2 (MEDIUM)
EPSS Score 0.0%
EPSS Percentile 0th

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

CWE CWE-131
Vendor the gnu c library
Product glibc
Published Jan 22, 2025
Last Updated May 12, 2026

Affected Versions

The GNU C Library / glibc
2.13 ≤ 2.40

References

openwall.com: https://www.openwall.com/lists/oss-security/2025/01/22/4
sourceware.org: https://sourceware.org/bugzilla/show_bug.cgi?id=32582
sourceware.org: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001
sourceware.org: https://sourceware.org/pipermail/libc-announce/2025/000044.html
openwall.com: http://www.openwall.com/lists/oss-security/2025/01/22/4
openwall.com: http://www.openwall.com/lists/oss-security/2025/01/23/2
security.netapp.com: https://security.netapp.com/advisory/ntap-20250228-0006/
openwall.com: http://www.openwall.com/lists/oss-security/2025/04/13/1
openwall.com: http://www.openwall.com/lists/oss-security/2025/04/24/7
lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html
cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-398330.html
cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-577017.html

Credits

Qualys Security Advisory