Description
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Published: 2025-11-26
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap-based memory corruption due to integer overflow in glib’s g_escape_uri_string()
Action: Apply Patch
AI Analysis

Impact

A heap‑based buffer overflow occurs when g_escape_uri_string() calculates an incorrect buffer size for strings containing many unescaped characters. The overflow can write beyond the allocated memory of the escaped string, potentially corrupting program state and causing crashes. No evidence from the description indicates that this flaw directly leads to code execution, but memory corruption may lead to unpredictable behavior.

Affected Systems

Red Hat products that ship with glib, including Red Hat Enterprise Linux 6‑10, Ceph Storage 8, Discovery 2, and OpenShift Container Platform versions 4.12 through 4.19, are affected. Any application or service on these systems that calls g_escape_uri_string() with untrusted or large inputs could be impacted.

Risk and Exploitability

The CVSS score of 7.7 reflects high severity, yet the EPSS score is less than 1% and the vulnerability is not listed in CISA KEV, indicating a low probability of wild exploitation. Based on the description, it is inferred that attackers would need to supply crafted input that triggers the overflow, making the likely attack surface local or within controlled environments rather than remote code execution. No public exploitation is documented.

Generated by OpenCVE AI on April 20, 2026 at 18:59 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

OpenCVE Recommended Actions

  • Install the latest glib packages from Red Hat updates – RHSA‑2026:0936, RHSA‑2026:0975, and RHSA‑2026:0991 – to apply the integer‑overflow fix.
  • For all Red Hat subscription products, ensure any additional relevant errata (e.g., RHSA‑2026:1323, RHSA‑2026:1324, RHSA‑2026:1326, RHSA‑2026:1327, RHSA‑2026:1465, RHSA‑2026:1608) are applied so that the patched glib library is fully deployed.
  • Restart services or reboot systems that use glib after applying the updates to ensure the new library code is loaded.
  • Continuously monitor Red Hat security advisories for further updates or related mitigations.

Generated by OpenCVE AI on April 20, 2026 at 18:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4412-1 glib2.0 security update
Ubuntu USN Ubuntu USN USN-7942-1 GLib vulnerabilities
Ubuntu USN Ubuntu USN USN-7942-2 GLib vulnerabilities
References
Link Providers
https://access.redhat.com/errata/RHSA-2026:0936 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0975 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0991 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1323 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1324 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1326 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1327 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1465 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1608 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1624 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1625 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1626 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1627 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1652 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1736 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2064 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2072 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2485 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2563 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2633 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2659 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2671 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2974 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:3415 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:4419 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:7461 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-13601 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2416741 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/glib/-/issues/3827 cve-icon cve-icon cve-icon
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-13601 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-13601 cve-icon
History

Sun, 19 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
References

Mon, 13 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Thu, 19 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.15::el9
References

Thu, 05 Mar 2026 11:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el9
References

Thu, 26 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el9
References

Tue, 24 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Container Platform
Redhat openshift Container Platform For Arm64
Redhat openshift Container Platform For Ibm Z
Redhat openshift Container Platform For Linuxone
Redhat openshift Container Platform For Power
CPEs cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.18:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.19:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.18:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.19:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.18:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.19:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.18:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.19:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.18:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.19:*:*:*:*:*:*:*
Vendors & Products Redhat openshift Container Platform
Redhat openshift Container Platform For Arm64
Redhat openshift Container Platform For Ibm Z
Redhat openshift Container Platform For Linuxone
Redhat openshift Container Platform For Power

Thu, 19 Feb 2026 01:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el9
cpe:/a:redhat:openshift:4.19::el9
References

Wed, 18 Feb 2026 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.16::el9
References

Fri, 13 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8
References

Wed, 11 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhui
CPEs cpe:/a:redhat:rhui:5::el9
Vendors & Products Redhat rhui
References

Wed, 11 Feb 2026 05:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4 cpe:/a:redhat:openshift:4.18::el9
References

Tue, 10 Feb 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat insights Proxy
CPEs cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products Redhat insights Proxy
References

Fri, 06 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Gnome
Gnome glib
CPEs cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
Vendors & Products Gnome
Gnome glib

Fri, 06 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat codeready Linux Builder
Redhat codeready Linux Builder For Arm64
Redhat codeready Linux Builder For Arm64 Eus
Redhat codeready Linux Builder For Ibm Z Systems
Redhat codeready Linux Builder For Ibm Z Systems Eus
Redhat codeready Linux Builder For Power Little Endian
Redhat codeready Linux Builder For Power Little Endian Eus
Redhat codeready Linux Builder For X86 64
Redhat codeready Linux Builder For X86 64 Eus
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux For X86 64
Redhat enterprise Linux For X86 64 Eus
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server For Power Little Endian
Redhat enterprise Linux Server For Power Little Endian Eus
Redhat enterprise Linux Server Tus
CPEs cpe:2.3:a:redhat:ceph_storage:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:aarch64:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:10.0:*:*:*:*:*:aarch64:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0:*:*:*:*:*:aarch64:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.6:*:*:*:*:*:aarch64:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:10.0:*:*:*:*:*:aarch64:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4:*:*:*:*:*:aarch64:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:10.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64_eus:10.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:discovery:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0:*:*:*:*:*:aarch64:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:aarch64:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:aarch64:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2:*:*:*:*:*:aarch64:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4:*:*:*:*:*:aarch64:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.6:*:*:*:*:*:aarch64:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0:*:*:*:*:*:aarch64:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
Vendors & Products Redhat codeready Linux Builder
Redhat codeready Linux Builder For Arm64
Redhat codeready Linux Builder For Arm64 Eus
Redhat codeready Linux Builder For Ibm Z Systems
Redhat codeready Linux Builder For Ibm Z Systems Eus
Redhat codeready Linux Builder For Power Little Endian
Redhat codeready Linux Builder For Power Little Endian Eus
Redhat codeready Linux Builder For X86 64
Redhat codeready Linux Builder For X86 64 Eus
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux For X86 64
Redhat enterprise Linux For X86 64 Eus
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server For Power Little Endian
Redhat enterprise Linux Server For Power Little Endian Eus
Redhat enterprise Linux Server Tus

Mon, 02 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Mon, 02 Feb 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat ceph Storage
CPEs cpe:/a:redhat:ceph_storage:8::el9
Vendors & Products Redhat ceph Storage
References

Mon, 02 Feb 2026 03:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus Long Life
CPEs cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat rhel Eus Long Life
References

Mon, 02 Feb 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Els
Redhat rhel Tus
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:rhel_aus:8.2::baseos
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Els
Redhat rhel Tus
References

Wed, 28 Jan 2026 07:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.6::appstream
cpe:/a:redhat:rhel_eus:9.6::crb
cpe:/o:redhat:rhel_eus:9.6::baseos
References

Tue, 27 Jan 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_eus:9.4::crb
cpe:/o:redhat:rhel_e4s:9.2::baseos
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel Eus
References

Tue, 27 Jan 2026 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Eus
CPEs cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products Redhat enterprise Linux Eus
References

Tue, 27 Jan 2026 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:rhel_e4s:9.0::baseos
Vendors & Products Redhat rhel E4s
References

Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::crb
cpe:/o:redhat:enterprise_linux:8::baseos
References

Thu, 22 Jan 2026 10:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10.1
References

Wed, 21 Jan 2026 23:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb
cpe:/o:redhat:enterprise_linux:9::baseos
References

Thu, 27 Nov 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 26 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 26 Nov 2025 15:00:00 +0000

Type Values Removed Values Added
Description A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Title Glib: integer overflow in in g_escape_uri_string()
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-190
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

Subscriptions

Gnome Glib
Redhat Ceph Storage Codeready Linux Builder Codeready Linux Builder For Arm64 Codeready Linux Builder For Arm64 Eus Codeready Linux Builder For Ibm Z Systems Codeready Linux Builder For Ibm Z Systems Eus Codeready Linux Builder For Power Little Endian Codeready Linux Builder For Power Little Endian Eus Codeready Linux Builder For X86 64 Codeready Linux Builder For X86 64 Eus Discovery Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Arm 64 Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux For X86 64 Enterprise Linux For X86 64 Eus Enterprise Linux Server Aus Enterprise Linux Server For Power Little Endian Enterprise Linux Server For Power Little Endian Eus Enterprise Linux Server Tus Hummingbird Insights Proxy Openshift Openshift Container Platform Openshift Container Platform For Arm64 Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone Openshift Container Platform For Power Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus Rhui
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-19T19:38:15.168Z

Reserved: 2025-11-24T12:54:51.473Z

Link: CVE-2025-13601

cve-icon Vulnrichment

Updated: 2025-11-26T14:58:11.050Z

cve-icon NVD

Status : Modified

Published: 2025-11-26T15:15:51.723

Modified: 2026-04-19T20:16:19.257

Link: CVE-2025-13601

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-11-24T13:00:15Z

Links: CVE-2025-13601 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T19:00:10Z

Weaknesses