CVE-2025-13601

Published: Nov 26, 2025

Modified: Jun 2, 2026

PUBLISHED

CVSS v3.1

7.7

HIGH

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Vendor	Product	Versions
Unknown	glib	affected `0 - < 2.86.3`
Red Hat	Red Hat Enterprise Linux 10	unaffected `0:2.80.4-10.el10_1.12 - < *`
Red Hat	Red Hat Enterprise Linux 10	unaffected `0:2.87.0-1.el10 - < *`
Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	unaffected `0:2.80.4-4.el10_0.8 - < *`
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	unaffected `0:2.56.1-11.el7_9 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:2.56.4-168.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	unaffected `0:2.56.4-8.el8_2.4 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	unaffected `0:2.56.4-10.el8_4.4 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	unaffected `0:2.56.4-10.el8_4.4 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	unaffected `0:2.56.4-158.el8_6.4 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	unaffected `0:2.56.4-158.el8_6.4 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	unaffected `0:2.56.4-158.el8_6.4 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	unaffected `0:2.56.4-164.el8_8 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	unaffected `0:2.56.4-164.el8_8 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:2.68.4-18.el9_7.1 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:2.78.6-3.el9 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:2.68.4-18.el9_7.1 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	unaffected `0:2.68.4-5.el9_0.4 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	unaffected `0:2.68.4-7.el9_2.4 - < *`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	unaffected `0:2.68.4-14.el9_4.5 - < *`
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	unaffected `0:2.68.4-16.el9_6.4 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.12	unaffected `412.86.202602021310-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.13	unaffected `413.92.202602240113-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.14	unaffected `414.92.202602171627-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.15	unaffected `415.92.202603101737-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.16	unaffected `416.94.202602101357-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.17	unaffected `417.94.202602090846-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.18	unaffected `418.94.202602022246-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.19	unaffected `4.19.9.6.202602112047-0 - < *`
Red Hat	Red Hat Ceph Storage 8	unaffected `1769512383 - < *`
Red Hat	Red Hat Discovery 2	unaffected `1769104765 - < *`
Red Hat	Red Hat Discovery 2	unaffected `1769111774 - < *`
Red Hat	Red Hat Hardened Images	unaffected `2.88.0-1.1.hum1 - < *`
Red Hat	Red Hat Insights proxy 1.5	unaffected `1770740405 - < *`
Red Hat	Red Hat Update Infrastructure 5	unaffected `1770808689 - < *`
Red Hat	Red Hat Update Infrastructure 5	unaffected `1770807477 - < *`
Red Hat	Red Hat Update Infrastructure 5	unaffected `1770646925 - < *`
Red Hat	Red Hat Update Infrastructure 5	unaffected `1770808765 - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions