Heap Buffer Overflow Vulnerability in Abseil-cpp
CVE-2025-0838

5.9 MEDIUM

Key Information:

Vendor: Abseil

CVE Published: 21 February 2025

What is CVE-2025-0838?

A heap buffer overflow vulnerability has been identified in Abseil-cpp, specifically within the sized constructors and the reserve() and rehash() methods of absl::{flat,node}_hash_{set,map}. The implementation does not impose an upper bound on the size parameter, so a caller can supply an excessively large value. This can cause an integer overflow when the size of the container's backing store is calculated, which in turn results in out-of-bounds memory writes. Such conditions pose significant security risks, including unauthorized access to memory segments. To mitigate this vulnerability, upgrade to a version past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1.
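The class of bug described above, shown as an added example that is not Abseil's code: a backing-store size computed without a bound next to a version that rejects oversized requests first. The layout, `kGroupWidth`, `kMaxBytes` and all function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Assumed layout (not Abseil's): one control byte per slot, a fixed block of
// kGroupWidth sentinel bytes, then `capacity` slots of `slot_size` bytes.
constexpr std::size_t kGroupWidth = 16;
// Assumed upper bound on a single allocation; objects larger than
// PTRDIFF_MAX cannot be indexed safely with pointer arithmetic.
constexpr std::size_t kMaxBytes = PTRDIFF_MAX;

// Unchecked: for a large enough capacity the sum wraps modulo 2^N, so the
// result is far smaller than the table the caller asked for.
std::size_t unchecked_alloc_size(std::size_t capacity, std::size_t slot_size) {
  return capacity + kGroupWidth + capacity * slot_size;
}

// Largest capacity whose backing store fits in kMaxBytes, or 0 if none does.
std::size_t max_capacity(std::size_t slot_size) {
  if (slot_size >= kMaxBytes - kGroupWidth) return 0;
  return (kMaxBytes - kGroupWidth) / (slot_size + 1);
}

// Checked: compare against the bound before doing any arithmetic that could
// wrap. Returns false and leaves *out untouched when the request is rejected.
bool checked_alloc_size(std::size_t capacity, std::size_t slot_size,
                        std::size_t* out) {
  if (slot_size == 0 || capacity > max_capacity(slot_size)) return false;
  *out = capacity + kGroupWidth + capacity * slot_size;
  return true;
}

int main() {
  // Constructed input: 2^(N-4) slots of 15 bytes would need 2^N + 16 bytes.
  const std::size_t big = SIZE_MAX / 16 + 1;
  std::size_t bytes = 0;
  std::printf("unchecked: %zu bytes\n", unchecked_alloc_size(big, 15));
  std::printf("checked:   %s\n",
              checked_alloc_size(big, 15, &bytes) ? "accepted" : "rejected");
  return 0;
}
```

A container that allocates the wrapped size and then initializes `capacity` slots writes past the end of the allocation; the bound check is what prevents that.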

Affected Version(s)

abseil-cpp 0 < 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1

CVSS V4

Score: 5.9
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
