CVE-2025-4373 - Vulnerability Details - OpenCVE

Description

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

Published: 2025-05-06

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

unaffected

Version	Status	Constraints
`0`	affected	< 2.84.2

Red Hat

Red Hat Enterprise Linux 10

affected

Version	Status	Constraints
`0:2.80.4-4.el10_0.6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:2.56.4-166.el8_10`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

affected

Version	Status	Constraints
`0:2.56.4-8.el8_2.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`0:2.56.4-10.el8_4.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

affected

Version	Status	Constraints
`0:2.56.4-10.el8_4.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`0:2.56.4-158.el8_6.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Telecommunications Update Service

affected

Version	Status	Constraints
`0:2.56.4-158.el8_6.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.56.4-158.el8_6.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Telecommunications Update Service

affected

Version	Status	Constraints
`0:2.56.4-162.el8_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.56.4-162.el8_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.68.4-16.el9_6.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.68.4-16.el9_6.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.68.4-5.el9_0.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.68.4-7.el9_2.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.4 Extended Update Support

affected

Version	Status	Constraints
`0:2.68.4-14.el9_4.3`	unaffected	< *

Red Hat

Red Hat Insights proxy 1.5

affected

Version	Status	Constraints
`sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d`	unaffected	< *

Red Hat

Red Hat OpenShift distributed tracing 3.6.0

affected

Version	Status	Constraints
`sha256:a891aa3f77d70d9d7966dfc71ff9087f45deb95d3025072da96a3ec5220db1f3`	unaffected	< *

Red Hat

Red Hat OpenShift distributed tracing 3.6.0

affected

Version	Status	Constraints
`sha256:d9ca4a9ec5bc8de23e4550387f822f19949cdfbc4aeeab20e07b206d92f4a426`	unaffected	< *

Red Hat

Red Hat OpenShift distributed tracing 3.6.0

affected

Version	Status	Constraints
`sha256:addf7b49ce99777a3bbf12c2e6678b604f3cfaf91feaaeb4192d75e902e46458`	unaffected	< *

Red Hat

Red Hat OpenShift distributed tracing 3.6.0

affected

Version	Status	Constraints
`sha256:d4ef54ac8de0eaf22e294dad8852ea8b5c20f85deb19629a3a4e0020851266c3`	unaffected	< *

Red Hat

Red Hat OpenShift distributed tracing 3.6.0

affected

Version	Status	Constraints
`sha256:1c4617b035c66b6b34e9b19f618f72a19da5fce644d79e24eb262f14c848bc81`	unaffected	< *

Red Hat

Red Hat OpenShift distributed tracing 3.6.0

affected

Version	Status	Constraints
`sha256:8c5dddd29d08fe8234edbbcda055fe6b0f9a7d7a0edfc3cd130797fdf78cce5c`	unaffected	< *

Red Hat

Red Hat OpenShift distributed tracing 3.6.0

affected

Version	Status	Constraints
`sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72`	unaffected	< *

Red Hat

Red Hat OpenShift distributed tracing 3.6.0

affected

Version	Status	Constraints
`sha256:3d37f30462f237f5087ef8ac90e39f5cd2cbaf5c143f7cae9d6155eb574726f2`	unaffected	< *

Red Hat

Red Hat OpenShift distributed tracing 3.6.0

affected

Version	Status	Constraints
`sha256:8fb68adefecd8ccb94404399ac6c8038c064c85287f4f980a0855da1cbd0dcb7`	unaffected	< *

Red Hat Red Hat Enterprise Linux 10 affected —

Red Hat Red Hat Enterprise Linux 10 affected —

Red Hat Red Hat Enterprise Linux 10 affected —

Red Hat Red Hat Enterprise Linux 10 affected —

Red Hat Red Hat Enterprise Linux 6 affected —

Red Hat Red Hat Enterprise Linux 7 affected —

Red Hat Red Hat Enterprise Linux 8 affected —

Red Hat Red Hat Enterprise Linux 8 affected —

Red Hat Red Hat Enterprise Linux 9 affected —

Red Hat Red Hat Enterprise Linux 9 affected —

Red Hat Red Hat Enterprise Linux 9 affected —

No data.

No data.

No data available yet.

Remediation

Vendor Workaround

Currently, no mitigation is available for this vulnerability.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4412-1	glib2.0 security update
EUVD	EUVD-2025-13592	A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
Ubuntu USN	USN-7532-1	GLib vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00742.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:10855
https://access.redhat.com/errata/RHSA-2025:11140
https://access.redhat.com/errata/RHSA-2025:11327
https://access.redhat.com/errata/RHSA-2025:11373
https://access.redhat.com/errata/RHSA-2025:11374
https://access.redhat.com/errata/RHSA-2025:11662
https://access.redhat.com/errata/RHSA-2025:12275
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:14988
https://access.redhat.com/errata/RHSA-2025:14989
https://access.redhat.com/errata/RHSA-2025:14990
https://access.redhat.com/errata/RHSA-2025:14991
https://access.redhat.com/security/cve/CVE-2025-4373
https://bugzilla.redhat.com/show_bug.cgi?id=2364265
https://gitlab.gnome.org/GNOME/glib/-/issues/3677
https://nvd.nist.gov/vuln/detail/CVE-2025-4373
https://www.cve.org/CVERecord?id=CVE-2025-4373

History

Wed, 08 Oct 2025 16:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:rhivos:1~~
Vendors & Products	Redhat rhivos

Fri, 03 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhivos
CPEs		cpe:/o:redhat:rhivos:1
Vendors & Products		Redhat rhivos

Tue, 02 Sep 2025 03:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Tus
CPEs		cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products		Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:14988 https://access.redhat.com/errata/RHSA-2025:14989 https://access.redhat.com/errata/RHSA-2025:14991

Tue, 02 Sep 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Eus Long Life
CPEs		cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2025:14990

Thu, 07 Aug 2025 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat insights Proxy
CPEs		cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products		Redhat insights Proxy
References		https://access.redhat.com/errata/RHSA-2025:13335

Wed, 30 Jul 2025 09:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
References		https://access.redhat.com/errata/RHSA-2025:12275

Tue, 29 Jul 2025 13:15:00 +0000

Type	Values Removed	Values Added
References		https://gitlab.gnome.org/GNOME/glib/-/issues/3677

Wed, 23 Jul 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Distributed Tracing
CPEs		cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Vendors & Products		Redhat openshift Distributed Tracing
References		https://access.redhat.com/errata/RHSA-2025:11662

Thu, 17 Jul 2025 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products		Redhat rhel E4s Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:11373 https://access.redhat.com/errata/RHSA-2025:11374

Wed, 16 Jul 2025 19:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2025:11327

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00055}`	epss `{'score': 0.00058}`

Tue, 15 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2025:11140

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00058}`	epss `{'score': 0.00055}`

Mon, 14 Jul 2025 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHSA-2025:10855

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00056}`	epss `{'score': 0.00058}`

Thu, 29 May 2025 12:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Tue, 06 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 06 May 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
Title	glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar	Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265

Tue, 06 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar
Weaknesses		CWE-124
References		https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://www.cve.org/CVERecord?id=CVE-2025-4373
Metrics	threat_severity `None`	cvssV3_1 `{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L'}` threat_severity `Moderate`

Subscriptions

Redhat Enterprise Linux Insights Proxy Openshift Distributed Tracing Rhel Aus Rhel E4s Rhel Eus Rhel Eus Long Life Rhel Tus

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-05-06T14:48:39.264Z

Updated: 2026-01-29T19:05:58.921Z

Reserved: 2025-05-06T00:35:29.069Z

Link: CVE-2025-4373

Vulnrichment

Updated: 2025-05-06T15:09:37.975Z

NVD

Status : Awaiting Analysis

Published: 2025-05-06T15:16:05.320

Modified: 2025-09-02T03:15:41.650

Link: CVE-2025-4373

Redhat

Severity : Moderate

Publid Date: 2025-05-06T00:00:00Z

Links: CVE-2025-4373 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-124

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4373", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-05-06T00:35:29.069Z", "datePublished": "2025-05-06T14:48:39.264Z", "dateUpdated": "2026-01-29T19:05:58.921Z"}, "containers": {"cna": {"title": "Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "2.84.2", "versionType": "semver"}], "packageName": "glib", "collectionURL": "https://gitlab.gnome.org/GNOME/glib", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.80.4-4.el10_0.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:10.0"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-166.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-8.el8_2.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-10.el8_4.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-10.el8_4.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-162.el8_8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.8::baseos", "cpe:/o:redhat:rhel_e4s:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-162.el8_8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.8::baseos", "cpe:/o:redhat:rhel_e4s:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.68.4-16.el9_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.68.4-16.el9_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.68.4-5.el9_0.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.68.4-7.el9_2.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:9.2::appstream", "cpe:/o:redhat:rhel_e4s:9.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.68.4-14.el9_4.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.4::baseos", "cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/a:redhat:rhel_eus:9.4::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Insights proxy 1.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "insights-proxy/insights-proxy-container-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:insights_proxy:1.5::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-agent-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:a891aa3f77d70d9d7966dfc71ff9087f45deb95d3025072da96a3ec5220db1f3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-all-in-one-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:d9ca4a9ec5bc8de23e4550387f822f19949cdfbc4aeeab20e07b206d92f4a426", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-collector-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:addf7b49ce99777a3bbf12c2e6678b604f3cfaf91feaaeb4192d75e902e46458", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:d4ef54ac8de0eaf22e294dad8852ea8b5c20f85deb19629a3a4e0020851266c3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-es-rollover-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:1c4617b035c66b6b34e9b19f618f72a19da5fce644d79e24eb262f14c848bc81", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-ingester-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:8c5dddd29d08fe8234edbbcda055fe6b0f9a7d7a0edfc3cd130797fdf78cce5c", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-query-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:3d37f30462f237f5087ef8ac90e39f5cd2cbaf5c143f7cae9d6155eb574726f2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:8fb68adefecd8ccb94404399ac6c8038c064c85287f4f980a0855da1cbd0dcb7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "bootc", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glycin-loaders", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "loupe", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mingw-glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "librsvg2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mingw-glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "bootc", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "librsvg2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mingw-glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10855", "name": "RHSA-2025:10855", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11140", "name": "RHSA-2025:11140", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11327", "name": "RHSA-2025:11327", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11373", "name": "RHSA-2025:11373", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11374", "name": "RHSA-2025:11374", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11662", "name": "RHSA-2025:11662", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12275", "name": "RHSA-2025:12275", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:13335", "name": "RHSA-2025:13335", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14988", "name": "RHSA-2025:14988", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14989", "name": "RHSA-2025:14989", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14990", "name": "RHSA-2025:14990", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14991", "name": "RHSA-2025:14991", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-4373", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364265", "name": "RHBZ#2364265", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3677"}], "datePublic": "2025-05-06T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-124", "description": "Buffer Underwrite ('Buffer Underflow')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-124: Buffer Underwrite ('Buffer Underflow')", "workarounds": [{"lang": "en", "value": "Currently, no mitigation is available for this vulnerability."}], "timeline": [{"lang": "en", "time": "2025-05-06T00:33:30.003Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-05-06T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-29T19:05:58.921Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-06T15:09:21.791020Z", "id": "CVE-2025-4373", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T15:09:46.724Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4373", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-06T15:09:21.791020Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T15:09:37.975Z"}}], "cna": {"title": "Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "2.84.2", "versionType": "semver"}], "packageName": "glib", "collectionURL": "https://gitlab.gnome.org/GNOME/glib", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.0"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "versions": [{"status": "unaffected", "version": "0:2.80.4-4.el10_0.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:2.56.4-166.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "0:2.56.4-8.el8_2.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:2.56.4-10.el8_4.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "versions": [{"status": "unaffected", "version": "0:2.56.4-10.el8_4.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_tus:8.8::baseos", "cpe:/o:redhat:rhel_e4s:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:2.56.4-162.el8_8", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_tus:8.8::baseos", "cpe:/o:redhat:rhel_e4s:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.56.4-162.el8_8", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.68.4-16.el9_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.68.4-16.el9_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.68.4-5.el9_0.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.2::appstream", "cpe:/o:redhat:rhel_e4s:9.2::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.68.4-7.el9_2.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus:9.4::baseos", "cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/a:redhat:rhel_eus:9.4::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:2.68.4-14.el9_4.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:insights_proxy:1.5::el9"], "vendor": "Red Hat", "product": "Red Hat Insights proxy 1.5", "versions": [{"status": "unaffected", "version": "sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d", "lessThan": "*", "versionType": "rpm"}], "packageName": "insights-proxy/insights-proxy-container-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "versions": [{"status": "unaffected", "version": "sha256:a891aa3f77d70d9d7966dfc71ff9087f45deb95d3025072da96a3ec5220db1f3", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-agent-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "versions": [{"status": "unaffected", "version": "sha256:d9ca4a9ec5bc8de23e4550387f822f19949cdfbc4aeeab20e07b206d92f4a426", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-all-in-one-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "versions": [{"status": "unaffected", "version": "sha256:addf7b49ce99777a3bbf12c2e6678b604f3cfaf91feaaeb4192d75e902e46458", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-collector-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "versions": [{"status": "unaffected", "version": "sha256:d4ef54ac8de0eaf22e294dad8852ea8b5c20f85deb19629a3a4e0020851266c3", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "versions": [{"status": "unaffected", "version": "sha256:1c4617b035c66b6b34e9b19f618f72a19da5fce644d79e24eb262f14c848bc81", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-es-rollover-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "versions": [{"status": "unaffected", "version": "sha256:8c5dddd29d08fe8234edbbcda055fe6b0f9a7d7a0edfc3cd130797fdf78cce5c", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-ingester-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "versions": [{"status": "unaffected", "version": "sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "versions": [{"status": "unaffected", "version": "sha256:3d37f30462f237f5087ef8ac90e39f5cd2cbaf5c143f7cae9d6155eb574726f2", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-query-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.0", "versions": [{"status": "unaffected", "version": "sha256:8fb68adefecd8ccb94404399ac6c8038c064c85287f4f980a0855da1cbd0dcb7", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "bootc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "glycin-loaders", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "loupe", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "mingw-glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "librsvg2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "mingw-glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "bootc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "librsvg2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "mingw-glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-05-06T00:33:30.003000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-05-06T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-05-06T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10855", "name": "RHSA-2025:10855", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11140", "name": "RHSA-2025:11140", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11327", "name": "RHSA-2025:11327", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11373", "name": "RHSA-2025:11373", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11374", "name": "RHSA-2025:11374", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11662", "name": "RHSA-2025:11662", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12275", "name": "RHSA-2025:12275", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:13335", "name": "RHSA-2025:13335", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14988", "name": "RHSA-2025:14988", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14989", "name": "RHSA-2025:14989", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14990", "name": "RHSA-2025:14990", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14991", "name": "RHSA-2025:14991", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-4373", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364265", "name": "RHBZ#2364265", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3677"}], "workarounds": [{"lang": "en", "value": "Currently, no mitigation is available for this vulnerability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-124", "description": "Buffer Underwrite ('Buffer Underflow')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-29T19:05:58.921Z"}, "x_redhatCweChain": "CWE-124: Buffer Underwrite ('Buffer Underflow')"}}, "cveMetadata": {"cveId": "CVE-2025-4373", "state": "PUBLISHED", "dateUpdated": "2026-01-29T19:05:58.921Z", "dateReserved": "2025-05-06T00:35:29.069Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-05-06T14:48:39.264Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en GLib que causa un desbordamiento de enteros en la funci\u00f3n g_string_insert_unichar(). Cuando la posici\u00f3n donde se inserta el car\u00e1cter es grande, esta se desborda, lo que provoca una subscritura del b\u00fafer."}], "id": "CVE-2025-4373", "lastModified": "2025-09-02T03:15:41.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-05-06T15:16:05.320", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10855"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11140"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11327"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11373"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11374"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11662"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:12275"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:13335"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:14988"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:14989"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:14990"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:14991"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-4373"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364265"}, {"source": "secalert@redhat.com", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3677"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-124"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar", "id": "2364265", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364265"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-124", "details": ["A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite."], "mitigation": {"lang": "en:us", "value": "Currently, no mitigation is available for this vulnerability."}, "name": "CVE-2025-4373", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "bootc", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "glycin-loaders", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "loupe", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "mingw-glib2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "librsvg2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-glib2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "bootc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "librsvg2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mingw-glib2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4373\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4373"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-124: Buffer Underwrite ('Buffer Underflow') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nSecure baseline configurations enforce strict memory handling policies, while change controls ensure any deviations are reviewed and approved. Least functionality reduces the attack surface by disabling unnecessary features that could introduce memory risks. Process isolation contains faults within individual workloads, minimizing broader impact. Real-time monitoring and malicious code protection detect and respond to abnormal memory behavior or exploitation attempts. Hardened configuration settings restrict low-level memory access, lowering the likelihood of unsafe operations. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against buffer underwrite exploits.", "threat_severity": "Moderate"}