VIR Vulnerability Intelligence Relay

CVE-2025-13601

high
Published 2026-01-21 Β· Modified 2026-06-02
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
7.7

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Predictions

Exploit likelihood
75%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description glib: Integer overflow in in g_escape_uri_string() Red Hat statement Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. CVSS v3: 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) Errata / fixed releases…

Workaround

for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Description

glib: Integer overflow in in g_escape_uri_string()

Red Hat statement

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

CVSS v3: 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 10glib2-0:2.80.4-10.el10_1.12RHSA-2026:09752026-01-22T00:00:00Z
Red Hat Enterprise Linux 10mingw-glib2-0:2.87.0-1.el10RHSA-2026:183442026-05-19T00:00:00Z
Red Hat Enterprise Linux 10.0 Extended Update Supportglib2-0:2.80.4-4.el10_0.8RHSA-2026:13272026-01-27T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Supportglib2-0:2.56.1-11.el7_9RHSA-2026:16082026-02-02T00:00:00Z
Red Hat Enterprise Linux 8glib2-0:2.56.4-168.el8_10RHSA-2026:09912026-01-22T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Supportglib2-0:2.56.4-8.el8_2.4RHSA-2026:16272026-02-02T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Supportglib2-0:2.56.4-10.el8_4.4RHSA-2026:16262026-02-02T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-Onglib2-0:2.56.4-10.el8_4.4RHSA-2026:16262026-02-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Supportglib2-0:2.56.4-158.el8_6.4RHSA-2026:16242026-02-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Serviceglib2-0:2.56.4-158.el8_6.4RHSA-2026:16242026-02-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutionsglib2-0:2.56.4-158.el8_6.4RHSA-2026:16242026-02-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Serviceglib2-0:2.56.4-164.el8_8RHSA-2026:16252026-02-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutionsglib2-0:2.56.4-164.el8_8RHSA-2026:16252026-02-02T00:00:00Z
Red Hat Enterprise Linux 9glib2-0:2.68.4-18.el9_7.1RHSA-2026:09362026-01-21T00:00:00Z
Red Hat Enterprise Linux 9mingw-glib2-0:2.78.6-3.el9RHSA-2026:187052026-05-19T00:00:00Z
Red Hat Enterprise Linux 9glib2-0:2.68.4-18.el9_7.1RHSA-2026:09362026-01-21T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutionsglib2-0:2.68.4-5.el9_0.4RHSA-2026:13232026-01-27T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutionsglib2-0:2.68.4-7.el9_2.4RHSA-2026:13242026-01-27T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Supportglib2-0:2.68.4-14.el9_4.5RHSA-2026:13262026-01-27T00:00:00Z
Red Hat Enterprise Linux 9.6 Extended Update Supportglib2-0:2.68.4-16.el9_6.4RHSA-2026:14652026-01-28T00:00:00Z
Red Hat OpenShift Container Platform 4.12rhcos-412.86.202602021310-0RHSA-2026:20642026-02-13T00:00:00Z
Red Hat OpenShift Container Platform 4.13rhcos-413.92.202602240113-0RHSA-2026:34152026-03-05T00:00:00Z
Red Hat OpenShift Container Platform 4.14rhcos-414.92.202602171627-0RHSA-2026:29742026-02-26T00:00:00Z
Red Hat OpenShift Container Platform 4.15rhcos-415.92.202603101737-0RHSA-2026:44192026-03-19T00:00:00Z
Red Hat OpenShift Container Platform 4.16rhcos-416.94.202602101357-0RHSA-2026:26592026-02-18T00:00:00Z
Red Hat OpenShift Container Platform 4.17rhcos-417.94.202602090846-0RHSA-2026:26712026-02-18T00:00:00Z
Red Hat OpenShift Container Platform 4.18rhcos-418.94.202602022246-0RHSA-2026:20722026-02-11T00:00:00Z
Red Hat OpenShift Container Platform 4.19rhcos-4.19.9.6.202602112047-0RHSA-2026:26332026-02-18T00:00:00Z
Red Hat Ceph Storage 8rhceph/rhceph-8-rhel9:1769512383RHSA-2026:16522026-02-02T00:00:00Z
Red Hat Discovery 2discovery/discovery-server-rhel9:1769104765RHSA-2026:17362026-02-02T00:00:00Z
Red Hat Discovery 2discovery/discovery-ui-rhel9:1769111774RHSA-2026:17362026-02-02T00:00:00Z
Red Hat Hardened Imagesglib2-main-2.88.0-1.1.hum1RHSA-2026:74612026-04-10T00:00:00Z
Red Hat Insights proxy 1.5insights-proxy/insights-proxy-container-rhel9:1770740405RHSA-2026:24852026-02-10T00:00:00Z
Red Hat Update Infrastructure 5rhui5/cds-rhel9:1770808689RHSA-2026:25632026-02-11T00:00:00Z
Red Hat Update Infrastructure 5rhui5/haproxy-rhel9:1770807477RHSA-2026:25632026-02-11T00:00:00Z
Red Hat Update Infrastructure 5rhui5/installer-rhel9:1770646925RHSA-2026:25632026-02-11T00:00:00Z
Red Hat Update Infrastructure 5rhui5/rhua-rhel9:1770808765RHSA-2026:25632026-02-11T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6glib2Out of support scope
Red Hat Enterprise Linux 8mingw-glib2Will not fix

Apply commands

bash fix
Apply RHSA-2026:0975 for Red Hat Enterprise Linux 10
yum update -y glib2
# or:
dnf upgrade -y glib2

OS impact
suse SUSE Affected 1 release
VersionStatusFixed in
β€” Affected β€”
redhat Red Hat Mixed 8 releases
VersionStatusFixed in
10.0 Affected β€”
9.6 Affected β€”
9.4 Affected β€”
9.2 Affected β€”
9.0 Affected β€”
9 Fixed β€”
8.0 Affected β€”
8 Fixed β€”
almalinux AlmaLinux Fixed 2 releases
VersionStatusFixed in
9 Fixed glib2-tests-2.68.4-18.el9_7.1.aarch64.rpm
8 Fixed glib2-2.56.4-168.el8_10.i686.rpm
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 2.84.4-3~deb13u2
sid Fixed 2.86.3-1
forky Fixed 2.86.3-1
bullseye Fixed 2.66.8-1+deb11u7
bookworm Fixed 2.74.6-2+deb12u8
rockylinux Rocky Linux Fixed 2 releases
VersionStatusFixed in
9 Fixed β€”
8 Fixed β€”

Application impact
VendorProductVersionsFixed
redhat redhatcodeready_linux_builder9.0
redhat redhatcodeready_linux_builder_for_ibm_z_systems9.0_s390x
redhat redhatcodeready_linux_builder_for_power_little_endian9.0_ppc64le
redhat redhatcodeready_linux_builder_for_x86_649.0
redhat redhatcodeready_linux_builder_for_arm6410.0
redhat redhatcodeready_linux_builder_for_ibm_z_systems10.0_s390x
redhat redhatcodeready_linux_builder_for_power_little_endian10.0_ppc64le
redhat redhatcodeready_linux_builder_for_x86_6410.0
redhat redhatcodeready_linux_builder_for_arm648.0
redhat redhatcodeready_linux_builder_for_ibm_z_systems8.0_s390x
redhat redhatcodeready_linux_builder_for_power_little_endian8.0_ppc64le
redhat redhatcodeready_linux_builder_for_x86_648.0
redhat redhatcodeready_linux_builder_for_arm64_eus9.4
redhat redhatcodeready_linux_builder_for_ibm_z_systems9.4_s390x
redhat redhatcodeready_linux_builder_for_power_little_endian9.4_ppc64le
redhat redhatcodeready_linux_builder_for_x86_649.4
redhat redhatcodeready_linux_builder_for_arm64_eus10.0
redhat redhatcodeready_linux_builder_for_ibm_z_systems_eus10.0_s390x
redhat redhatcodeready_linux_builder_for_power_little_endian_eus10.0_ppc64le
redhat redhatcodeready_linux_builder_for_x86_64_eus10.0
redhat redhatcodeready_linux_builder_for_arm649.6
redhat redhatcodeready_linux_builder_for_ibm_z_systems9.6_s390x
redhat redhatcodeready_linux_builder_for_power_little_endian9.6_ppc64le
redhat redhatcodeready_linux_builder_for_x86_649.6
redhat redhatceph_storage8.0
redhat redhatdiscovery2.0
gnomeglib{"endExcluding":"2.86.3"}2.86.3
redhat redhatopenshift_container_platform4.12
redhat redhatopenshift_container_platform4.16
redhat redhatopenshift_container_platform4.17
redhat redhatopenshift_container_platform4.18
redhat redhatopenshift_container_platform4.19
redhat redhatopenshift_container_platform_for_arm644.12
redhat redhatopenshift_container_platform_for_arm644.16
redhat redhatopenshift_container_platform_for_arm644.17
redhat redhatopenshift_container_platform_for_arm644.18
redhat redhatopenshift_container_platform_for_arm644.19
redhat redhatopenshift_container_platform_for_ibm_z4.12
redhat redhatopenshift_container_platform_for_ibm_z4.16
redhat redhatopenshift_container_platform_for_ibm_z4.17
redhat redhatopenshift_container_platform_for_ibm_z4.18
redhat redhatopenshift_container_platform_for_ibm_z4.19
redhat redhatopenshift_container_platform_for_linuxone4.12
redhat redhatopenshift_container_platform_for_linuxone4.16
redhat redhatopenshift_container_platform_for_linuxone4.17
redhat redhatopenshift_container_platform_for_linuxone4.18
redhat redhatopenshift_container_platform_for_linuxone4.19
redhat redhatopenshift_container_platform_for_power4.12
redhat redhatopenshift_container_platform_for_power4.16
redhat redhatopenshift_container_platform_for_power4.17
redhat redhatopenshift_container_platform_for_power4.18
redhat redhatopenshift_container_platform_for_power4.19

References

CWEs

CWE-190

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.