CVE-2025-6052

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-6052	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2372666	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

History

20 Aug 2025, 17:27

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2025-6052 -~~	() https://access.redhat.com/security/cve/CVE-2025-6052 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2372666 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2372666 - Issue Tracking, Third Party Advisory
First Time		Gnome glib Gnome
CPE		cpe:2.3:a:gnome:glib::::::::

16 Jun 2025, 12:32

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en la gestión de memoria de GString de GLib al añadir datos a cadenas. Si una cadena ya es muy grande, combinarla con más datos puede causar un desbordamiento oculto en el cálculo del tamaño. Esto hace que el sistema piense que tiene suficiente memoria cuando no la tiene. Como resultado, los datos pueden escribirse más allá del límite de memoria asignada, lo que provoca fallos o corrupción de memoria.

13 Jun 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-13 16:15

Updated : 2025-08-20 17:27

NVD link : CVE-2025-6052

Mitre link : CVE-2025-6052

CVE.ORG link : CVE-2025-6052

JSON object : View

Products Affected

gnome

glib

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2025-6052", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-06-13T16:15:28.230", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-6052", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372666", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in how GLib\u2019s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn\u2019t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la gesti\u00f3n de memoria de GString de GLib al a\u00f1adir datos a cadenas. Si una cadena ya es muy grande, combinarla con m\u00e1s datos puede causar un desbordamiento oculto en el c\u00e1lculo del tama\u00f1o. Esto hace que el sistema piense que tiene suficiente memoria cuando no la tiene. Como resultado, los datos pueden escribirse m\u00e1s all\u00e1 del l\u00edmite de memoria asignada, lo que provoca fallos o corrupci\u00f3n de memoria."}], "lastModified": "2025-08-20T17:27:24.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E728915-6D6F-42BB-95CC-D1B6F6B2DDED", "versionEndIncluding": "2.84.3", "versionStartIncluding": "2.75.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}