Double Free Vulnerability in GNU C Library Affecting Multiple Architectures
CVE-2025-8058

5.9MEDIUM

Key Information:

Vendor: The Gnu C Library
Status: Glibc
Vendor: CVE Published:; 23 July 2025

🔔 Create The Gnu C Library Vulnerability Alert

What is CVE-2025-8058?

The GNU C library versions from 2.4 to 2.41 contain a vulnerability in the regcomp function, which may lead to a double free condition under specific failure scenarios. When a memory allocation fails, whether through a standard malloc or an interposed allocation function that deliberately triggers such failures, this can potentially result in buffer manipulation risks. This vulnerability impacts all architectures and ABIs supported by the GNU C library, posing a significant threat to system security and stability.

Affected Version(s)

glibc Linux 2.4 < 2.42

References

https://sourceware.org/bugzilla/show_bug.cgi?id=33185

https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17a...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Jul 22, 2025

JSON