CVE-2025-6052

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-6052	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2372666	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

History

20 Aug 2025, 17:27

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2025-6052 - Vendor Advisory~~	() https://access.redhat.com/security/cve/CVE-2025-6052 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2372666 - Issue Tracking~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2372666 - Issue Tracking, Third Party Advisory

20 Aug 2025, 17:19

Type	Values Removed	Values Added
First Time		Gnome glib Gnome
CPE		cpe:2.3:a:gnome:glib::::::::
References	~~() https://access.redhat.com/security/cve/CVE-2025-6052 -~~	() https://access.redhat.com/security/cve/CVE-2025-6052 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2372666 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2372666 - Issue Tracking

16 Jun 2025, 12:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-13 16:15

Updated : 2025-08-20 17:27

NVD link : CVE-2025-6052

Mitre link : CVE-2025-6052

CVE.ORG link : CVE-2025-6052

JSON object : View

Products Affected

gnome

glib

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2025-6052", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-06-13T16:15:28.230", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-6052", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372666", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in how GLib\u2019s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn\u2019t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la gesti\u00f3n de memoria de GString de GLib al a\u00f1adir datos a cadenas. Si una cadena ya es muy grande, combinarla con m\u00e1s datos puede causar un desbordamiento oculto en el c\u00e1lculo del tama\u00f1o. Esto hace que el sistema piense que tiene suficiente memoria cuando no la tiene. Como resultado, los datos pueden escribirse m\u00e1s all\u00e1 del l\u00edmite de memoria asignada, lo que provoca fallos o corrupci\u00f3n de memoria."}], "lastModified": "2025-08-20T17:27:24.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E728915-6D6F-42BB-95CC-D1B6F6B2DDED", "versionEndIncluding": "2.84.3", "versionStartIncluding": "2.75.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}