{"schema_version":"1.7.2","id":"OESA-2025-2046","modified":"2025-08-15T12:40:15Z","published":"2025-08-15T12:40:15Z","upstream":["CVE-2025-8058"],"summary":"glibc security update","details":"The GNU C Library project provides the core libraries for the GNU system and\nGNU/Linux systems, as well as many other systems that use Linux as the kernel.\nThese libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD,\nOS-specific APIs and more. These APIs include such foundational facilities as\nopen, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt,\n login, exit and more.\r\n\r\nSecurity Fix(es):\n\nThe regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.(CVE-2025-8058)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP2","name":"glibc","purl":"pkg:rpm/openEuler/glibc&distro=openEuler-24.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.38-65.oe2403sp2"}]}],"ecosystem_specific":{"aarch64":["glibc-2.38-65.oe2403sp2.aarch64.rpm","glibc-all-langpacks-2.38-65.oe2403sp2.aarch64.rpm","glibc-common-2.38-65.oe2403sp2.aarch64.rpm","glibc-debuginfo-2.38-65.oe2403sp2.aarch64.rpm","glibc-debugsource-2.38-65.oe2403sp2.aarch64.rpm","glibc-debugutils-2.38-65.oe2403sp2.aarch64.rpm","glibc-devel-2.38-65.oe2403sp2.aarch64.rpm","glibc-locale-archive-2.38-65.oe2403sp2.aarch64.rpm","glibc-locale-source-2.38-65.oe2403sp2.aarch64.rpm","glibc-nss-devel-2.38-65.oe2403sp2.aarch64.rpm","libnsl-2.38-65.oe2403sp2.aarch64.rpm","nscd-2.38-65.oe2403sp2.aarch64.rpm","nss_modules-2.38-65.oe2403sp2.aarch64.rpm"],"noarch":["glibc-help-2.38-65.oe2403sp2.noarch.rpm"],"src":["glibc-2.38-65.oe2403sp2.src.rpm"],"x86_64":["glibc-2.38-65.oe2403sp2.x86_64.rpm","glibc-all-langpacks-2.38-65.oe2403sp2.x86_64.rpm","glibc-common-2.38-65.oe2403sp2.x86_64.rpm","glibc-debuginfo-2.38-65.oe2403sp2.x86_64.rpm","glibc-debugsource-2.38-65.oe2403sp2.x86_64.rpm","glibc-debugutils-2.38-65.oe2403sp2.x86_64.rpm","glibc-devel-2.38-65.oe2403sp2.x86_64.rpm","glibc-locale-archive-2.38-65.oe2403sp2.x86_64.rpm","glibc-locale-source-2.38-65.oe2403sp2.x86_64.rpm","glibc-nss-devel-2.38-65.oe2403sp2.x86_64.rpm","libnsl-2.38-65.oe2403sp2.x86_64.rpm","nscd-2.38-65.oe2403sp2.x86_64.rpm","nss_modules-2.38-65.oe2403sp2.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2046"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8058"}],"database_specific":{"severity":"Medium"}}