From 94e908cee9e2a5bdd04a85a36104673417a6ebd9 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Tue, 21 Jan 2025 16:48:29 -0500 Subject: [PATCH] Add advisory text for CVE-2025-0395 Signed-off-by: Siddhesh Poyarekar Reviewed: Adhemerval Zanella --- advisories/GLIBC-SA-2025-0001 | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 advisories/GLIBC-SA-2025-0001 diff --git a/advisories/GLIBC-SA-2025-0001 b/advisories/GLIBC-SA-2025-0001 new file mode 100644 index 0000000000..3a23feea68 --- /dev/null +++ b/advisories/GLIBC-SA-2025-0001 @@ -0,0 +1,24 @@ +assert: Buffer overflow when printing assertion failure message + +When the assert() function fails, it does not allocate enough space for the +assertion failure message string and size information, which may lead to a +buffer overflow if the message string size aligns to page size. + +This bug can be triggered when an assertion in a program fails. The assertion +failure message is allocated to allow developers to see this failure in core +dumps and it typically includes, in addition to the invariant assertion +string and function name, the name of the program. If the name of the failing +program is user controlled, for example on a local system, this could allow an +attacker to control the assertion failure to trigger this buffer overflow. + +The only viable vector for exploitation of this bug is local, if a setuid +program exists that has an existing bug that results in an assertion failure. +No such program has been discovered at the time of publishing this advisory, +but the presence of custom setuid programs, although strongly discouraged as a +security practice, cannot be discounted. + +CVE-Id: CVE-2025-0395 +Public-Date: 2025-01-22 +Vulnerable-Commit: f8a3b5bf8fa1d0c43d2458e03cc109a04fdef194 (2.13-175) +Fix-Commit: 68ee0f704cb81e9ad0a78c644a83e1e9cd2ee578 (2.41) +Reported-By: Qualys Security Advisory
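Review bot: The triggering condition in the first paragraph of the new advisory, "if the message string size aligns to page size", is too vague for anyone assessing exposure: it should state exactly what has to align (the formatted message string together with the size information, and whether their combined length must be an exact multiple of the page size) so that distributions and users can reason about which programs and program names are affected. The second paragraph's "user controlled" program name, taken alone, reads as though any assertion failure is exploitable; the third paragraph narrows this to a local setuid program with a pre-existing assertion failure, so consider stating in the second paragraph that in a non-setuid program the overflow only corrupts the process's own memory and crosses no privilege boundary. It would also help to say that the bug lies in the allocation made for the core-dump message, not in the assertion check itself, so readers do not conclude that assert() itself is unsafe.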