Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-4373

4.8 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months, 1 week ago

Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

References

RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
RHSA-2025:11373 x_refsource_REDHAT vendor-advisory
RHSA-2025:11374 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
RHSA-2025:11373 x_refsource_REDHAT vendor-advisory
RHSA-2025:11374 x_refsource_REDHAT vendor-advisory
RHSA-2025:11662 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
RHSA-2025:11373 x_refsource_REDHAT vendor-advisory
RHSA-2025:11374 x_refsource_REDHAT vendor-advisory
RHSA-2025:11662 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3677
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
RHSA-2025:11373 x_refsource_REDHAT vendor-advisory
RHSA-2025:11374 x_refsource_REDHAT vendor-advisory
RHSA-2025:11662 x_refsource_REDHAT vendor-advisory
RHSA-2025:12275 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3677
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
RHSA-2025:11373 x_refsource_REDHAT vendor-advisory
RHSA-2025:11374 x_refsource_REDHAT vendor-advisory
RHSA-2025:11662 x_refsource_REDHAT vendor-advisory
RHSA-2025:12275 x_refsource_REDHAT vendor-advisory
RHSA-2025:13335 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3677
RHSA-2025:14989 x_refsource_REDHAT vendor-advisory
RHSA-2025:14990 x_refsource_REDHAT vendor-advisory
RHSA-2025:14991 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3677
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
RHSA-2025:11373 x_refsource_REDHAT vendor-advisory
RHSA-2025:11374 x_refsource_REDHAT vendor-advisory
RHSA-2025:11662 x_refsource_REDHAT vendor-advisory
RHSA-2025:12275 x_refsource_REDHAT vendor-advisory
RHSA-2025:13335 x_refsource_REDHAT vendor-advisory
RHSA-2025:14988 x_refsource_REDHAT vendor-advisory
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
RHSA-2025:11373 x_refsource_REDHAT vendor-advisory
RHSA-2025:11374 x_refsource_REDHAT vendor-advisory
RHSA-2025:11662 x_refsource_REDHAT vendor-advisory
RHSA-2025:12275 x_refsource_REDHAT vendor-advisory
RHSA-2025:13335 x_refsource_REDHAT vendor-advisory
RHSA-2025:14988 x_refsource_REDHAT vendor-advisory
RHSA-2025:14989 x_refsource_REDHAT vendor-advisory
RHSA-2025:14990 x_refsource_REDHAT vendor-advisory
RHSA-2025:14991 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3677
RHSA-2025:12275 x_refsource_REDHAT vendor-advisory
RHSA-2025:13335 x_refsource_REDHAT vendor-advisory
RHSA-2025:14988 x_refsource_REDHAT vendor-advisory
RHSA-2025:14989 x_refsource_REDHAT vendor-advisory
RHSA-2025:14990 x_refsource_REDHAT vendor-advisory
RHSA-2025:14991 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3677
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
RHSA-2025:11373 x_refsource_REDHAT vendor-advisory
RHSA-2025:11374 x_refsource_REDHAT vendor-advisory
RHSA-2025:11662 x_refsource_REDHAT vendor-advisory
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
RHSA-2025:11373 x_refsource_REDHAT vendor-advisory
RHSA-2025:11374 x_refsource_REDHAT vendor-advisory
RHSA-2025:11662 x_refsource_REDHAT vendor-advisory
RHSA-2025:12275 x_refsource_REDHAT vendor-advisory
RHSA-2025:13335 x_refsource_REDHAT vendor-advisory
RHSA-2025:14988 x_refsource_REDHAT vendor-advisory
RHSA-2025:14989 x_refsource_REDHAT vendor-advisory
RHSA-2025:14990 x_refsource_REDHAT vendor-advisory
RHSA-2025:14991 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3677
RHSA-2025:14990 x_refsource_REDHAT vendor-advisory
RHSA-2025:14991 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-4373 x_refsource_REDHAT vdb-entry
RHBZ#2364265 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3677
RHSA-2025:10855 x_refsource_REDHAT vendor-advisory
RHSA-2025:11140 x_refsource_REDHAT vendor-advisory
RHSA-2025:11327 x_refsource_REDHAT vendor-advisory
RHSA-2025:11373 x_refsource_REDHAT vendor-advisory
RHSA-2025:11374 x_refsource_REDHAT vendor-advisory
RHSA-2025:11662 x_refsource_REDHAT vendor-advisory
RHSA-2025:12275 x_refsource_REDHAT vendor-advisory
RHSA-2025:13335 x_refsource_REDHAT vendor-advisory
RHSA-2025:14988 x_refsource_REDHAT vendor-advisory
RHSA-2025:14989 x_refsource_REDHAT vendor-advisory

Affected products

glib

<2.84.2

bootc

glib2

loupe

librsvg2

mingw-glib2

glycin-loaders

rhosdt/jaeger-agent-rhel8

rhosdt/jaeger-query-rhel8

rhosdt/jaeger-ingester-rhel8

rhosdt/jaeger-rhel8-operator

rhosdt/jaeger-collector-rhel8

rhosdt/jaeger-operator-bundle

rhosdt/jaeger-all-in-one-rhel8

rhosdt/jaeger-es-rollover-rhel8

rhosdt/jaeger-es-index-cleaner-rhel8

registry.redhat.io/rhosdt/jaeger-agent-rhel8

registry.redhat.io/rhosdt/jaeger-query-rhel8

insights-proxy/insights-proxy-container-rhel9

registry.redhat.io/rhosdt/jaeger-ingester-rhel8

registry.redhat.io/rhosdt/jaeger-rhel8-operator

registry.redhat.io/rhosdt/jaeger-collector-rhel8

registry.redhat.io/rhosdt/jaeger-operator-bundle

registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8

registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8

registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8

registry.redhat.io/insights-proxy/insights-proxy-container-rhel9

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

nixos-unstable -
- nixpkgs-unstable 1.6.0

pkgs.podman-bootc

Streamlining podman+bootc interactions

nixos-unstable -
- nixpkgs-unstable 0.1.2

pkgs.mlxbf-bootctl

Control BlueField boot partitions

nixos-unstable -
- nixpkgs-unstable 2025-01-16

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

nixos-unstable -
- nixpkgs-unstable 235

pkgs.rubyPackages.glib2

None

nixos-unstable -
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_1.glib2

None

nixos-unstable -
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_2.glib2

None

nixos-unstable -
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_3.glib2

None

nixos-unstable -
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_4.glib2

None

nixos-unstable -
- nixpkgs-unstable glib2-4.3.3

Package maintainers

@Thesola10 Karim Vergnes <me@thesola.io>
@nikstur nikstur <nikstur@outlook.com>
@thillux Markus Theil <theil.markus@gmail.com>
@evan-goode Evan Goode <mail@evangoo.de>
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.bootc

pkgs.podman-bootc

pkgs.mlxbf-bootctl

pkgs.systemd-bootchart

pkgs.rubyPackages.glib2

pkgs.rubyPackages_3_1.glib2

pkgs.rubyPackages_3_2.glib2

pkgs.rubyPackages_3_3.glib2

pkgs.rubyPackages_3_4.glib2

Package maintainers