{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4373", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-05-06T00:35:29.069Z", "datePublished": "2025-05-06T14:48:39.264Z", "dateUpdated": "2025-10-08T16:01:12.220Z"}, "containers": {"cna": {"title": "Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "2.84.2", "versionType": "semver"}], "packageName": "glib", "collectionURL": "https://gitlab.gnome.org/GNOME/glib", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.80.4-4.el10_0.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:10.0"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-166.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-8.el8_2.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-10.el8_4.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-10.el8_4.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-162.el8_8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.8::baseos", "cpe:/o:redhat:rhel_e4s:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.56.4-162.el8_8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.8::baseos", "cpe:/o:redhat:rhel_e4s:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.68.4-16.el9_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.68.4-16.el9_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.68.4-5.el9_0.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.68.4-7.el9_2.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:9.2::baseos", "cpe:/a:redhat:rhel_e4s:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "versions": [{"version": "0:2.68.4-14.el9_4.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/a:redhat:rhel_eus:9.4::crb", "cpe:/o:redhat:rhel_eus:9.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Insights proxy 1.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "insights-proxy/insights-proxy-container-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:insights_proxy:1.5::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-agent-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:389b9cbd0f05d3d773edc2c06aa73818307cbb25048bddf4f192a992670b6fb4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-all-in-one-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:d9ca4a9ec5bc8de23e4550387f822f19949cdfbc4aeeab20e07b206d92f4a426", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-collector-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:a15009fde9c0a63168d82fb07363d2c6ce05f2096dc1a9992a09fe1d76bcf4a7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:caadc05a8195f41d48d502458183cef05a1011c6edee343ac212b873ae98c763", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-es-rollover-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:57d3bf93431295f0d3c8747fe376cdb0a06dc344dd1d6b0c838f732bd920c73e", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-ingester-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:2e6d535aa3208ca8ae1bc588393c8bc499c4bfb452aceca047523502ddffa0ed", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-query-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:3d37f30462f237f5087ef8ac90e39f5cd2cbaf5c143f7cae9d6155eb574726f2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:6f3b7f23a515ac140bdad844d60d96fecc79835a75b1d29a70f66df737f1b50c", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "bootc", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glycin-loaders", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "loupe", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mingw-glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "librsvg2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mingw-glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "bootc", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "librsvg2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mingw-glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10855", "name": "RHSA-2025:10855", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11140", "name": "RHSA-2025:11140", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11327", "name": "RHSA-2025:11327", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11373", "name": "RHSA-2025:11373", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11374", "name": "RHSA-2025:11374", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11662", "name": "RHSA-2025:11662", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12275", "name": "RHSA-2025:12275", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:13335", "name": "RHSA-2025:13335", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14988", "name": "RHSA-2025:14988", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14989", "name": "RHSA-2025:14989", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14990", "name": "RHSA-2025:14990", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14991", "name": "RHSA-2025:14991", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-4373", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364265", "name": "RHBZ#2364265", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3677"}], "datePublic": "2025-05-06T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-124", "description": "Buffer Underwrite ('Buffer Underflow')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-124: Buffer Underwrite ('Buffer Underflow')", "workarounds": [{"lang": "en", "value": "Currently, no mitigation is available for this vulnerability."}], "timeline": [{"lang": "en", "time": "2025-05-06T00:33:30.003000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-05-06T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-10-08T16:01:12.220Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-06T15:09:21.791020Z", "id": "CVE-2025-4373", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T15:09:46.724Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4373", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-06T15:09:21.791020Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T15:09:37.975Z"}}], "cna": {"title": "Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "2.84.2", "versionType": "semver"}], "packageName": "glib", "collectionURL": "https://gitlab.gnome.org/GNOME/glib", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.0"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "versions": [{"status": "unaffected", "version": "0:2.80.4-4.el10_0.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:2.56.4-166.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "0:2.56.4-8.el8_2.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:2.56.4-10.el8_4.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "versions": [{"status": "unaffected", "version": "0:2.56.4-10.el8_4.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.56.4-158.el8_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_tus:8.8::baseos", "cpe:/o:redhat:rhel_e4s:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:2.56.4-162.el8_8", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_tus:8.8::baseos", "cpe:/o:redhat:rhel_e4s:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.56.4-162.el8_8", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.68.4-16.el9_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.68.4-16.el9_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.68.4-5.el9_0.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:9.2::baseos", "cpe:/a:redhat:rhel_e4s:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.68.4-7.el9_2.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/a:redhat:rhel_eus:9.4::crb", "cpe:/o:redhat:rhel_eus:9.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:2.68.4-14.el9_4.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:insights_proxy:1.5::el9"], "vendor": "Red Hat", "product": "Red Hat Insights proxy 1.5", "versions": [{"status": "unaffected", "version": "sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d", "lessThan": "*", "versionType": "rpm"}], "packageName": "insights-proxy/insights-proxy-container-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:389b9cbd0f05d3d773edc2c06aa73818307cbb25048bddf4f192a992670b6fb4", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-agent-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:d9ca4a9ec5bc8de23e4550387f822f19949cdfbc4aeeab20e07b206d92f4a426", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-all-in-one-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:a15009fde9c0a63168d82fb07363d2c6ce05f2096dc1a9992a09fe1d76bcf4a7", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-collector-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:caadc05a8195f41d48d502458183cef05a1011c6edee343ac212b873ae98c763", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:57d3bf93431295f0d3c8747fe376cdb0a06dc344dd1d6b0c838f732bd920c73e", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-es-rollover-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:2e6d535aa3208ca8ae1bc588393c8bc499c4bfb452aceca047523502ddffa0ed", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-ingester-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:3d37f30462f237f5087ef8ac90e39f5cd2cbaf5c143f7cae9d6155eb574726f2", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-query-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:6f3b7f23a515ac140bdad844d60d96fecc79835a75b1d29a70f66df737f1b50c", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhosdt/jaeger-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "bootc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "glycin-loaders", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "loupe", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "mingw-glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "librsvg2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "mingw-glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "bootc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "librsvg2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "mingw-glib2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-05-06T00:33:30.003000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-05-06T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-05-06T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10855", "name": "RHSA-2025:10855", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11140", "name": "RHSA-2025:11140", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11327", "name": "RHSA-2025:11327", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11373", "name": "RHSA-2025:11373", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11374", "name": "RHSA-2025:11374", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11662", "name": "RHSA-2025:11662", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12275", "name": "RHSA-2025:12275", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:13335", "name": "RHSA-2025:13335", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14988", "name": "RHSA-2025:14988", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14989", "name": "RHSA-2025:14989", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14990", "name": "RHSA-2025:14990", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14991", "name": "RHSA-2025:14991", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-4373", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364265", "name": "RHBZ#2364265", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3677"}], "workarounds": [{"lang": "en", "value": "Currently, no mitigation is available for this vulnerability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-124", "description": "Buffer Underwrite ('Buffer Underflow')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-10-08T16:01:12.220Z"}, "x_redhatCweChain": "CWE-124: Buffer Underwrite ('Buffer Underflow')"}}, "cveMetadata": {"cveId": "CVE-2025-4373", "state": "PUBLISHED", "dateUpdated": "2025-10-08T16:01:12.220Z", "dateReserved": "2025-05-06T00:35:29.069Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-05-06T14:48:39.264Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en GLib que causa un desbordamiento de enteros en la funci\u00f3n g_string_insert_unichar(). Cuando la posici\u00f3n donde se inserta el car\u00e1cter es grande, esta se desborda, lo que provoca una subscritura del b\u00fafer."}], "id": "CVE-2025-4373", "lastModified": "2025-09-02T03:15:41.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-05-06T15:16:05.320", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10855"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11140"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11327"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11373"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11374"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11662"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:12275"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:13335"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:14988"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:14989"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:14990"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:14991"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-4373"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364265"}, {"source": "secalert@redhat.com", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3677"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-124"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar", "id": "2364265", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364265"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-124", "details": ["A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite."], "mitigation": {"lang": "en:us", "value": "Currently, no mitigation is available for this vulnerability."}, "name": "CVE-2025-4373", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "bootc", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "glycin-loaders", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "loupe", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "mingw-glib2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "librsvg2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-glib2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "bootc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "librsvg2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mingw-glib2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4373\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4373"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-124: Buffer Underwrite ('Buffer Underflow') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nSecure baseline configurations enforce strict memory handling policies, while change controls ensure any deviations are reviewed and approved. Least functionality reduces the attack surface by disabling unnecessary features that could introduce memory risks. Process isolation contains faults within individual workloads, minimizing broader impact. Real-time monitoring and malicious code protection detect and respond to abnormal memory behavior or exploitation attempts. Hardened configuration settings restrict low-level memory access, lowering the likelihood of unsafe operations. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against buffer underwrite exploits.", "threat_severity": "Moderate"}