Memory Management Flaw in GLib's GString Affects Red Hat Products
CVE-2025-6052
3.7 LOW
What is CVE-2025-6052?
A vulnerability exists in GLib's GString in which improper memory management can lead to an unintended overflow of data. When large strings are concatenated, the system can misestimate the available memory, allowing writes beyond the bounds of the allocated memory. This flaw poses significant risks, including program crashes and potential memory corruption, and leaves affected systems open to unpredictable behavior and security risks.
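The failure mode described above, shown as an added C example (not GLib's code and not part of this advisory): a flawed size estimate beside a checked one in a minimal growable buffer. It assumes the misestimate comes from the length sum wrapping past SIZE_MAX, and the names sbuf, need_unchecked, need_checked and sbuf_append are hypothetical.

```c
/* Added illustration, not GLib source: a minimal growable string buffer.
 * sbuf, need_unchecked, need_checked and sbuf_append are hypothetical names. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char *data; size_t len, cap; } sbuf;

/* Flawed estimate: len + add + 1 can wrap past SIZE_MAX and yield a small
 * number, so the caller believes the existing allocation is large enough. */
static size_t need_unchecked(size_t len, size_t add) { return len + add + 1; }

/* Hardened estimate: refuse any request whose total (with NUL) would wrap. */
static int need_checked(size_t len, size_t add, size_t *out) {
    if (add >= SIZE_MAX - len) return 0;   /* len + add + 1 > SIZE_MAX */
    *out = len + add + 1;
    return 1;
}

/* Append n bytes; returns 1 on success, 0 (buffer untouched) on overflow
 * or allocation failure. */
static int sbuf_append(sbuf *s, const char *src, size_t n) {
    size_t need;
    if (!need_checked(s->len, n, &need)) return 0;
    if (need > s->cap) {
        size_t cap = s->cap ? s->cap : 16;
        while (cap < need) {
            if (cap > SIZE_MAX / 2) { cap = need; break; } /* doubling wraps */
            cap *= 2;
        }
        char *p = realloc(s->data, cap);
        if (!p) return 0;
        s->data = p;
        s->cap = cap;
    }
    memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';
    return 1;
}

int main(void) {
    size_t huge = SIZE_MAX - 8, need = 0;  /* constructed length near the limit */
    printf("unchecked need: %zu\n", need_unchecked(huge, 16));
    printf("checked accepts: %d\n", need_checked(huge, 16, &need));
    sbuf s = {0};
    int ok = sbuf_append(&s, "hello, ", 7) && sbuf_append(&s, "world", 5);
    printf("%d %s\n", ok, ok ? s.data : "");
    free(s.data);
    return 0;
}
```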
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Philip Withnall for reporting this issue.