The regcomp function in the GNU C library, versions 2.4 to 2.41, is
subject to a double free if some previous allocation fails. This can be
triggered either by a malloc failure or by using an interposed malloc
that injects random malloc failures. The double free can allow buffer
manipulation depending on how the regex is constructed. This issue
affects all architectures and ABIs supported by the GNU C library.
                
History

Tue, 29 Jul 2025 12:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | glibc: Double free in glibc | |
| References |  | |
| Metrics | threat_severity | cvssV3_1 |

Thu, 24 Jul 2025 21:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Gnu Gnu glibc | |
| Vendors & Products | Gnu Gnu glibc | |

Wed, 23 Jul 2025 21:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |

Wed, 23 Jul 2025 20:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | The regcomp function in the GNU C library, versions 2.4 to 2.41, is subject to a double free if some previous allocation fails. This can be triggered either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending on how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. | |
| Weaknesses | CWE-415 | |
| References |  | |
| Metrics | cvssV4_0 | |

MITRE
Status: PUBLISHED
Assigner: glibc
Published: 2025-07-23T19:57:17.138Z
Updated: 2025-10-21T12:52:55.350Z
Reserved: 2025-07-22T18:33:43.424Z
Link: CVE-2025-8058

Vulnrichment
Updated: 2025-07-23T20:07:52.660Z

NVD
Status: Awaiting Analysis
Published: 2025-07-23T20:15:27.747
Modified: 2025-07-25T15:29:44.523
Link: CVE-2025-8058

Redhat