The GNU C Library security advisories update for 2025-01-22
Siddhesh Poyarekar
siddhesh@gotplt.org
Wed Jan 22 15:25:16 GMT 2025
The following security advisories have been published:
GLIBC-SA-2025-0001:
===================
assert: Buffer overflow when printing assertion failure message
When the assert() function fails, it does not allocate enough space for
the assertion failure message string and size information, which may
lead to a buffer overflow if the message string size aligns to page size.
This bug can be triggered when an assertion in a program fails. The
assertion failure message is allocated to allow developers to see this
failure in core dumps and it typically includes, in addition to the
invariant assertion string and function name, the name of the program.
If the name of the failing program is user controlled, for example on a
local system, this could allow an attacker to control the assertion
failure to trigger this buffer overflow.
The only viable vector for exploitation of this bug is local, if a
setuid program exists that has an existing bug that results in an
assertion failure. No such program has been discovered at the time of
publishing this advisory, but the presence of custom setuid programs,
although strongly discouraged as a security practice, cannot be discounted.
CVE-Id: CVE-2025-0395
Public-Date: 2025-01-22
Vulnerable-Commit: f8a3b5bf8fa1d0c43d2458e03cc109a04fdef194 (2.13-175)
Fix-Commit: 68ee0f704cb81e9ad0a78c644a83e1e9cd2ee578 (2.41)
Fix-Commit: 7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c (2.40-66)
Reported-By: Qualys Security Advisory
Notes:
======
Published advisories are available directly in the project git repository:
https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;hb=HEAD
More information about the Libc-announce
mailing list