{"schema_version":"1.7.2","id":"OESA-2025-1219","modified":"2025-02-28T15:34:31Z","published":"2025-02-28T15:34:31Z","upstream":["CVE-2025-0838"],"summary":"abseil-cpp security update","details":"Abseil is an open-source collection of C++ library code designed to augment the C++ standard library. The Abseil library code is collected from Google's own C++ code base, has been extensively tested and used in production, and is the same code we depend on in our daily coding lives.\r\n\r\nSecurity Fix(es):\n\nThere exists a heap buffer overflow vulnerability in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. 
We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1(CVE-2025-0838)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"abseil-cpp","purl":"pkg:rpm/openEuler/abseil-cpp\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20220623.1-6.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["abseil-cpp-20220623.1-6.oe2203sp4.aarch64.rpm","abseil-cpp-debuginfo-20220623.1-6.oe2203sp4.aarch64.rpm","abseil-cpp-debugsource-20220623.1-6.oe2203sp4.aarch64.rpm","abseil-cpp-devel-20220623.1-6.oe2203sp4.aarch64.rpm"],"src":["abseil-cpp-20220623.1-6.oe2203sp4.src.rpm"],"x86_64":["abseil-cpp-20220623.1-6.oe2203sp4.x86_64.rpm","abseil-cpp-debuginfo-20220623.1-6.oe2203sp4.x86_64.rpm","abseil-cpp-debugsource-20220623.1-6.oe2203sp4.x86_64.rpm","abseil-cpp-devel-20220623.1-6.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS","name":"abseil-cpp","purl":"pkg:rpm/openEuler/abseil-cpp\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20230802.1-6.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["abseil-cpp-20230802.1-6.oe2403.aarch64.rpm","abseil-cpp-debuginfo-20230802.1-6.oe2403.aarch64.rpm","abseil-cpp-debugsource-20230802.1-6.oe2403.aarch64.rpm","abseil-cpp-devel-20230802.1-6.oe2403.aarch64.rpm","abseil-cpp-20230802.1-6.oe2403sp1.aarch64.rpm","abseil-cpp-debuginfo-20230802.1-6.oe2403sp1.aarch64.rpm","abseil-cpp-debugsource-20230802.1-6.oe2403sp1.aarch64.rpm","abseil-cpp-devel-20230802.1-6.oe2403sp1.aarch64.rpm"],"src":["abseil-cpp-20230802.1-6.oe2403.src.rpm","abseil-cpp-20230802.1-6.oe2403sp1.src.rpm"],"x86_64":["abseil-cpp-20230802.1-6.oe2403.x86_64.rpm","abseil-cpp-debuginfo-20230802.1-6.oe2403.x86_64.rpm","abseil-cpp-debugsource-20230802.1-6.oe2403.x86_64.rpm","abseil-cpp-devel-20230802.1-6.oe2403.x86_64.rpm","abseil-cpp-20230802.1-6.oe2403sp1.x86_64.rpm","abseil-cpp-debuginfo-20230802.1-6.oe2403sp1.x86_64.rpm","abseil-cpp-
debugsource-20230802.1-6.oe2403sp1.x86_64.rpm","abseil-cpp-devel-20230802.1-6.oe2403sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"abseil-cpp","purl":"pkg:rpm/openEuler/abseil-cpp\u0026distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20230802.1-6.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["abseil-cpp-20230802.1-6.oe2403sp1.aarch64.rpm","abseil-cpp-debuginfo-20230802.1-6.oe2403sp1.aarch64.rpm","abseil-cpp-debugsource-20230802.1-6.oe2403sp1.aarch64.rpm","abseil-cpp-devel-20230802.1-6.oe2403sp1.aarch64.rpm"],"src":["abseil-cpp-20230802.1-6.oe2403sp1.src.rpm"],"x86_64":["abseil-cpp-20230802.1-6.oe2403sp1.x86_64.rpm","abseil-cpp-debuginfo-20230802.1-6.oe2403sp1.x86_64.rpm","abseil-cpp-debugsource-20230802.1-6.oe2403sp1.x86_64.rpm","abseil-cpp-devel-20230802.1-6.oe2403sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"abseil-cpp","purl":"pkg:rpm/openEuler/abseil-cpp\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20210324.2-2.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["abseil-cpp-20210324.2-2.oe2003sp4.aarch64.rpm","abseil-cpp-debuginfo-20210324.2-2.oe2003sp4.aarch64.rpm","abseil-cpp-debugsource-20210324.2-2.oe2003sp4.aarch64.rpm","abseil-cpp-devel-20210324.2-2.oe2003sp4.aarch64.rpm"],"src":["abseil-cpp-20210324.2-2.oe2003sp4.src.rpm"],"x86_64":["abseil-cpp-20210324.2-2.oe2003sp4.x86_64.rpm","abseil-cpp-debuginfo-20210324.2-2.oe2003sp4.x86_64.rpm","abseil-cpp-debugsource-20210324.2-2.oe2003sp4.x86_64.rpm","abseil-cpp-devel-20210324.2-2.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"abseil-cpp","purl":"pkg:rpm/openEuler/abseil-cpp\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20220623.1-6.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["abseil-cpp-20220623.1-6.oe2203sp3.aarch64.rpm","abseil-cpp-debuginf
o-20220623.1-6.oe2203sp3.aarch64.rpm","abseil-cpp-debugsource-20220623.1-6.oe2203sp3.aarch64.rpm","abseil-cpp-devel-20220623.1-6.oe2203sp3.aarch64.rpm"],"src":["abseil-cpp-20220623.1-6.oe2203sp3.src.rpm"],"x86_64":["abseil-cpp-20220623.1-6.oe2203sp3.x86_64.rpm","abseil-cpp-debuginfo-20220623.1-6.oe2203sp3.x86_64.rpm","abseil-cpp-debugsource-20220623.1-6.oe2203sp3.x86_64.rpm","abseil-cpp-devel-20220623.1-6.oe2203sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1219"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0838"}],"database_specific":{"severity":"Medium"}}