CVE-2025-13601
HIGHDescription
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| redhat | codeready_linux_builder |
| redhat | codeready_linux_builder_for_ibm_z_systems |
| redhat | codeready_linux_builder_for_power_little_endian |
| redhat | codeready_linux_builder_for_x86_64 |
| redhat | enterprise_linux_for_arm_64 |
| redhat | enterprise_linux_for_ibm_z_systems |
| redhat | enterprise_linux_for_power_little_endian |
| redhat | enterprise_linux_for_x86_64 |
| redhat | codeready_linux_builder_for_arm64 |
| redhat | codeready_linux_builder_for_ibm_z_systems |
| redhat | codeready_linux_builder_for_power_little_endian |
| redhat | codeready_linux_builder_for_x86_64 |
| redhat | enterprise_linux_for_arm_64 |
| redhat | enterprise_linux_for_ibm_z_systems |
| redhat | enterprise_linux_for_power_little_endian |
| redhat | enterprise_linux_for_x86_64 |
| redhat | codeready_linux_builder_for_arm64 |
| redhat | codeready_linux_builder_for_ibm_z_systems |
| redhat | codeready_linux_builder_for_power_little_endian |
| redhat | codeready_linux_builder_for_x86_64 |
| redhat | enterprise_linux_for_arm_64 |
| redhat | enterprise_linux_for_ibm_z_systems |
| redhat | enterprise_linux_for_power_little_endian |
| redhat | enterprise_linux_for_x86_64 |
| redhat | enterprise_linux_for_arm_64 |
| redhat | enterprise_linux_for_ibm_z_systems |
| redhat | enterprise_linux_for_power_little_endian |
| redhat | enterprise_linux_for_x86_64 |
| redhat | enterprise_linux_server_aus |
| redhat | codeready_linux_builder_for_arm64_eus |
| redhat | codeready_linux_builder_for_ibm_z_systems |
| redhat | codeready_linux_builder_for_power_little_endian |
| redhat | codeready_linux_builder_for_x86_64 |
| redhat | enterprise_linux_for_arm_64 |
| redhat | enterprise_linux_for_ibm_z_systems |
| redhat | enterprise_linux_for_power_little_endian |
| redhat | enterprise_linux_for_x86_64 |
| redhat | enterprise_linux_for_x86_64_eus |
| redhat | enterprise_linux_server_aus |
| redhat | enterprise_linux_server_for_power_little_endian |
| redhat | enterprise_linux_server_for_power_little_endian_eus |
| redhat | codeready_linux_builder_for_arm64_eus |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus |
| redhat | codeready_linux_builder_for_power_little_endian_eus |
| redhat | codeready_linux_builder_for_x86_64_eus |
| redhat | enterprise_linux_for_arm_64_eus |
| redhat | enterprise_linux_for_ibm_z_systems_eus |
| redhat | enterprise_linux_for_power_little_endian_eus |
| redhat | enterprise_linux_for_x86_64_eus |
| redhat | enterprise_linux_server_for_power_little_endian |
| redhat | codeready_linux_builder_for_arm64 |
| redhat | codeready_linux_builder_for_ibm_z_systems |
| redhat | codeready_linux_builder_for_power_little_endian |
| redhat | codeready_linux_builder_for_x86_64 |
| redhat | enterprise_linux_for_arm_64 |
| redhat | enterprise_linux_for_ibm_z_systems |
| redhat | enterprise_linux_for_power_little_endian |
| redhat | enterprise_linux_for_power_little_endian_eus |
| redhat | enterprise_linux_for_x86_64 |
| redhat | enterprise_linux_for_x86_64_eus |
| redhat | enterprise_linux_server_aus |
| redhat | enterprise_linux_server_for_power_little_endian |
| redhat | enterprise_linux_for_x86_64 |
| redhat | enterprise_linux_for_x86_64_eus |
| redhat | enterprise_linux_server_aus |
| redhat | enterprise_linux_server_for_power_little_endian |
| redhat | enterprise_linux_server_tus |
| redhat | enterprise_linux_for_x86_64 |
| redhat | enterprise_linux_for_x86_64_eus |
| redhat | enterprise_linux_server_for_power_little_endian |
| redhat | enterprise_linux_server_tus |
| redhat | enterprise_linux_for_x86_64_eus |
| redhat | enterprise_linux_server_aus |
| redhat | enterprise_linux_server_aus |
| redhat | ceph_storage |
| redhat | discovery |
| gnome | glib |
| redhat | openshift_container_platform |
| redhat | openshift_container_platform |
| redhat | openshift_container_platform |
| redhat | openshift_container_platform |
| redhat | openshift_container_platform |
| redhat | openshift_container_platform_for_arm64 |
| redhat | openshift_container_platform_for_arm64 |
| redhat | openshift_container_platform_for_arm64 |
| redhat | openshift_container_platform_for_arm64 |
| redhat | openshift_container_platform_for_arm64 |
| redhat | openshift_container_platform_for_ibm_z |
| redhat | openshift_container_platform_for_ibm_z |
| redhat | openshift_container_platform_for_ibm_z |
| redhat | openshift_container_platform_for_ibm_z |
| redhat | openshift_container_platform_for_ibm_z |
| redhat | openshift_container_platform_for_linuxone |
| redhat | openshift_container_platform_for_linuxone |
| redhat | openshift_container_platform_for_linuxone |
| redhat | openshift_container_platform_for_linuxone |
| redhat | openshift_container_platform_for_linuxone |
| redhat | openshift_container_platform_for_power |
| redhat | openshift_container_platform_for_power |
| redhat | openshift_container_platform_for_power |
| redhat | openshift_container_platform_for_power |
| redhat | openshift_container_platform_for_power |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-13601? +
How severe is CVE-2025-13601? +
What products are affected by CVE-2025-13601? +
How do I check if I'm vulnerable to CVE-2025-13601? +
Related Vulnerabilities
Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code.
z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when …
If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of …
Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue …
An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers …
KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t …