CVE-2025-13601 - Vulnerability Details

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0003.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

unaffected

Version	Status	Constraints
`0`	affected	< 2.86.3

Red Hat

Red Hat Enterprise Linux 10

affected

Version	Status	Constraints
`0:2.80.4-10.el10_1.12`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 10.0 Extended Update Support

affected

Version	Status	Constraints
`0:2.80.4-4.el10_0.8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 7 Extended Lifecycle Support

affected

Version	Status	Constraints
`0:2.56.1-11.el7_9`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:2.56.4-168.el8_10`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

affected

Version	Status	Constraints
`0:2.56.4-8.el8_2.4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`0:2.56.4-10.el8_4.4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

affected

Version	Status	Constraints
`0:2.56.4-10.el8_4.4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`0:2.56.4-158.el8_6.4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Telecommunications Update Service

affected

Version	Status	Constraints
`0:2.56.4-158.el8_6.4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.56.4-158.el8_6.4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Telecommunications Update Service

affected

Version	Status	Constraints
`0:2.56.4-164.el8_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.56.4-164.el8_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.68.4-18.el9_7.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.68.4-18.el9_7.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.68.4-5.el9_0.4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.68.4-7.el9_2.4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.4 Extended Update Support

affected

Version	Status	Constraints
`0:2.68.4-14.el9_4.5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.6 Extended Update Support

affected

Version	Status	Constraints
`0:2.68.4-16.el9_6.4`	unaffected	< *

Red Hat

Red Hat OpenShift Container Platform 4.18

affected

Version	Status	Constraints
`418.94.202602022246-0`	unaffected	< *

Red Hat

Red Hat Ceph Storage 8

affected

Version	Status	Constraints
`sha256:09aaeba975aa74bdf95d63e5619c0cabb1cd9e1410aa34e7f8ecf24a5e291d1a`	unaffected	< *

Red Hat

Red Hat Discovery 2

affected

Version	Status	Constraints
`sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8`	unaffected	< *

Red Hat

Red Hat Discovery 2

affected

Version	Status	Constraints
`sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd`	unaffected	< *

Red Hat

Red Hat Insights proxy 1.5

affected

Version	Status	Constraints
`sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`sha256:83e8b356eb4697a81ff8c6764dc976862800f4c78122a606173340a6e105a4fe`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8`	unaffected	< *

Red Hat Red Hat Enterprise Linux 10 affected —

Red Hat Red Hat Enterprise Linux 6 unknown —

Red Hat Red Hat Enterprise Linux 8 affected —

Red Hat Red Hat Enterprise Linux 9 affected —

Configuration 1 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder:9.0::::::aarch64:
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0::::::aarch64:
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:10.0::::::aarch64:
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:10.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:10.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:10.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0::::::aarch64:
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64:10.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0::::::aarch64:
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0::::::aarch64:
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2::::::aarch64:
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4::::::aarch64:
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.4_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.4_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4::::::aarch64:
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_eus:9.4_ppc64le:::::::*

Configuration 6 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:10.0::::::aarch64:
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:10.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:10.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64_eus:10.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0::::::aarch64:
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:10.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:10.0_ppc64le:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.6::::::aarch64:
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.6_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.6_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.6::::::aarch64:
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:9.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:9.6_ppc64le:::::::*

Configuration 8 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

Configuration 9 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*

Configuration 10 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*

Configuration 11 [-]

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

Configuration 12 [-]

OR	cpe:2.3:a:redhat:ceph_storage:8.0:::::::*
	cpe:2.3:a:redhat:discovery:2.0:::::::*

Configuration 13 [-]

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Gnome Subscribe	Glib Subscribe
Redhat Subscribe	Ceph Storage Subscribe Codeready Linux Builder Subscribe Codeready Linux Builder For Arm64 Subscribe Codeready Linux Builder For Arm64 Eus Subscribe Codeready Linux Builder For Ibm Z Systems Subscribe Codeready Linux Builder For Ibm Z Systems Eus Subscribe Codeready Linux Builder For Power Little Endian Subscribe Codeready Linux Builder For Power Little Endian Eus Subscribe Codeready Linux Builder For X86 64 Subscribe Codeready Linux Builder For X86 64 Eus Subscribe Discovery Subscribe Enterprise Linux Subscribe Enterprise Linux Eus Subscribe Enterprise Linux For Arm 64 Subscribe Enterprise Linux For Arm 64 Eus Subscribe Enterprise Linux For Ibm Z Systems Subscribe Enterprise Linux For Ibm Z Systems Eus Subscribe Enterprise Linux For Power Little Endian Subscribe Enterprise Linux For Power Little Endian Eus Subscribe Enterprise Linux For X86 64 Subscribe Enterprise Linux For X86 64 Eus Subscribe Enterprise Linux Server Aus Subscribe Enterprise Linux Server For Power Little Endian Subscribe Enterprise Linux Server For Power Little Endian Eus Subscribe Enterprise Linux Server Tus Subscribe Insights Proxy Subscribe Openshift Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Els Subscribe Rhel Eus Subscribe Rhel Eus Long Life Subscribe Rhel Tus Subscribe Rhui Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-4412-1	glib2.0 security update
Ubuntu USN	USN-7942-1	GLib vulnerabilities
Ubuntu USN	USN-7942-2	GLib vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2026:0936
https://access.redhat.com/errata/RHSA-2026:0975
https://access.redhat.com/errata/RHSA-2026:0991
https://access.redhat.com/errata/RHSA-2026:1323
https://access.redhat.com/errata/RHSA-2026:1324
https://access.redhat.com/errata/RHSA-2026:1326
https://access.redhat.com/errata/RHSA-2026:1327
https://access.redhat.com/errata/RHSA-2026:1465
https://access.redhat.com/errata/RHSA-2026:1608
https://access.redhat.com/errata/RHSA-2026:1624
https://access.redhat.com/errata/RHSA-2026:1625
https://access.redhat.com/errata/RHSA-2026:1626
https://access.redhat.com/errata/RHSA-2026:1627
https://access.redhat.com/errata/RHSA-2026:1652
https://access.redhat.com/errata/RHSA-2026:1736
https://access.redhat.com/errata/RHSA-2026:2072
https://access.redhat.com/errata/RHSA-2026:2485
https://access.redhat.com/errata/RHSA-2026:2563
https://access.redhat.com/security/cve/CVE-2025-13601
https://bugzilla.redhat.com/show_bug.cgi?id=2416741
https://gitlab.gnome.org/GNOME/glib/-/issues/3827
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
https://nvd.nist.gov/vuln/detail/CVE-2025-13601
https://www.cve.org/CVERecord?id=CVE-2025-13601

History

Wed, 11 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhui
CPEs		cpe:/a:redhat:rhui:5::el9
Vendors & Products		Redhat rhui
References		https://access.redhat.com/errata/RHSA-2026:2563

Wed, 11 Feb 2026 05:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift:4~~	cpe:/a:redhat:openshift:4.18::el9
References		https://access.redhat.com/errata/RHSA-2026:2072

Tue, 10 Feb 2026 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat insights Proxy
CPEs		cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products		Redhat insights Proxy
References		https://access.redhat.com/errata/RHSA-2026:2485

Fri, 06 Feb 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gnome Gnome glib
CPEs		cpe:2.3:a:gnome:glib::::::::
Vendors & Products		Gnome Gnome glib

Fri, 06 Feb 2026 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat codeready Linux Builder Redhat codeready Linux Builder For Arm64 Redhat codeready Linux Builder For Arm64 Eus Redhat codeready Linux Builder For Ibm Z Systems Redhat codeready Linux Builder For Ibm Z Systems Eus Redhat codeready Linux Builder For Power Little Endian Redhat codeready Linux Builder For Power Little Endian Eus Redhat codeready Linux Builder For X86 64 Redhat codeready Linux Builder For X86 64 Eus Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For X86 64 Redhat enterprise Linux For X86 64 Eus Redhat enterprise Linux Server Aus Redhat enterprise Linux Server For Power Little Endian Redhat enterprise Linux Server For Power Little Endian Eus Redhat enterprise Linux Server Tus
CPEs		cpe:2.3:a:redhat:ceph_storage:8.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder:9.0::::::aarch64: cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:10.0::::::aarch64: cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0::::::aarch64: cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.6::::::aarch64: cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:10.0::::::aarch64: cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4::::::aarch64: cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:10.0_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.4_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.6_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:10.0_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:10.0_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.4_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.6_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:10.0_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:10.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:8.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.4:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.6:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64_eus:10.0:::::::* cpe:2.3:a:redhat:discovery:2.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0::::::aarch64: cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0::::::aarch64: cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0::::::aarch64: cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2::::::aarch64: cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4::::::aarch64: cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.6::::::aarch64: cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0::::::aarch64: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.6_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:9.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:10.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:8.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:8.8_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:9.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
Vendors & Products		Redhat codeready Linux Builder Redhat codeready Linux Builder For Arm64 Redhat codeready Linux Builder For Arm64 Eus Redhat codeready Linux Builder For Ibm Z Systems Redhat codeready Linux Builder For Ibm Z Systems Eus Redhat codeready Linux Builder For Power Little Endian Redhat codeready Linux Builder For Power Little Endian Eus Redhat codeready Linux Builder For X86 64 Redhat codeready Linux Builder For X86 64 Eus Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For X86 64 Redhat enterprise Linux For X86 64 Eus Redhat enterprise Linux Server Aus Redhat enterprise Linux Server For Power Little Endian Redhat enterprise Linux Server For Power Little Endian Eus Redhat enterprise Linux Server Tus

Mon, 02 Feb 2026 23:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery
CPEs		cpe:/a:redhat:discovery:2::el9
Vendors & Products		Redhat discovery
References		https://access.redhat.com/errata/RHSA-2026:1736

Mon, 02 Feb 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat ceph Storage
CPEs		cpe:/a:redhat:ceph_storage:8::el9
Vendors & Products		Redhat ceph Storage
References		https://access.redhat.com/errata/RHSA-2026:1652

Mon, 02 Feb 2026 03:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus Long Life
CPEs		cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products		Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2026:1624 https://access.redhat.com/errata/RHSA-2026:1626

Mon, 02 Feb 2026 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Els Redhat rhel Tus
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_els:7 cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel Els Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2026:1608 https://access.redhat.com/errata/RHSA-2026:1625 https://access.redhat.com/errata/RHSA-2026:1627

Wed, 28 Jan 2026 07:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb cpe:/o:redhat:rhel_eus:9.6::baseos
References		https://access.redhat.com/errata/RHSA-2026:1465

Tue, 27 Jan 2026 09:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2026:1324 https://access.redhat.com/errata/RHSA-2026:1326

Tue, 27 Jan 2026 07:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux Eus
CPEs		cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products		Redhat enterprise Linux Eus
References		https://access.redhat.com/errata/RHSA-2026:1327

Tue, 27 Jan 2026 07:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
Vendors & Products		Redhat rhel E4s
References		https://access.redhat.com/errata/RHSA-2026:1323

Thu, 22 Jan 2026 23:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2026:0991

Thu, 22 Jan 2026 10:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10.1
References		https://access.redhat.com/errata/RHSA-2026:0975

Wed, 21 Jan 2026 23:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2026:0936

Thu, 27 Nov 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://www.cve.org/CVERecord?id=CVE-2025-13601
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 26 Nov 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 26 Nov 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description		A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Title		Glib: integer overflow in in g_escape_uri_string()
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
Weaknesses		CWE-190
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-11-26T14:44:22.680Z

Updated: 2026-02-11T14:40:41.423Z

Reserved: 2025-11-24T12:54:51.473Z

Link: CVE-2025-13601

Vulnrichment

Updated: 2025-11-26T14:58:11.050Z

NVD

Status : Modified

Published: 2025-11-26T15:15:51.723

Modified: 2026-02-11T15:16:12.640

Link: CVE-2025-13601

Redhat

Severity : Moderate

Publid Date: 2025-11-24T13:00:15Z

Links: CVE-2025-13601 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-190

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object