mirror of
https://sourceware.org/git/glibc.git
synced 2025-12-20 01:12:17 +08:00
3ff17af18c
The fix is already installed (7ea06e9940).
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
15 lines
657 B
Plaintext
15 lines
657 B
Plaintext
posix: Fix double-free after allocation failure in regcomp
|
|
|
|
The regcomp function in the GNU C library version from 2.4 to 2.41 is
|
|
subject to a double free if some previous allocation fails. It can be
|
|
accomplished either by a malloc failure or by using an interposed
|
|
malloc that injects random malloc failures. The double free can allow
|
|
buffer manipulation depending of how the regex is constructed.
|
|
This issue affects all architectures and ABIs supported by the GNU C
|
|
library.
|
|
|
|
CVE-Id: CVE-2025-8058
|
|
Public-Date: 2025-07-22
|
|
Vulnerable-Commit: 963d8d782fc98fb6dc3a66f0068795f9920c269d (2.3.3-1596)
|
|
Fix-Commit: 7ea06e994093fa0bcca0d0ee2c1db271d8d7885d (2.42)
|