33185 – (CVE-2025-8058) Double-free after memory allocation failure in regcomp bracket expression parsing (CVE-2025-8058)

Bug 33185 (CVE-2025-8058) - Double-free after memory allocation failure in regcomp bracket expression parsing (CVE-2025-8058)

Summary: Double-free after memory allocation failure in regcomp bracket expression par...

Status:	RESOLVED FIXED

Alias:	CVE-2025-8058

Product:	glibc
Classification:	Unclassified
Component:	regex (show other bugs)
Version:	unspecified

Importance:	P2 normal
Target Milestone:	2.42
Assignee:	Florian Weimer

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-07-19 14:20 UTC by Florian Weimer
Modified:	2025-07-23 20:51 UTC (History)
CC List:	3 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
Project(s) to access:
ssh public key:

Flags:	fweimer: security+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Weimer 2025-07-19 14:20:17 UTC

If a memory allocation failure occurs during bracket expression parsing in regcomp, a double-free error may occur.

Initially reported by Anastasia Belova <abelova@astralinux.ru>.

Comment 1 Florian Weimer 2025-07-22 06:37:09 UTC

Fixed for glibc 2.42 via:

commit 7ea06e994093fa0bcca0d0ee2c1db271d8d7885d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon Jul 21 21:43:49 2025 +0200

    posix: Fix double-free after allocation failure in regcomp (bug 33185)
    
    If a memory allocation failure occurs during bracket expression
    parsing in regcomp, a double-free error may result.
    
    Reported-by: Anastasia Belova <abelova@astralinux.ru>
    Co-authored-by: Paul Eggert <eggert@cs.ucla.edu>
    Reviewed-by: Andreas K. Huettel <dilfridge@gentoo.org>