CVE-2025-0395: Buffer overflow in the GNU C Library's assert()
Published Jan 22, 2025 · Last updated 10 February 2025
Affected Software
11 affected components · Fixes available
debian/glibc <=2.31-13+deb11u11, <=2.31-13+deb11u10, <=2.36-9+deb12u9, <=2.36-9+deb12u7
2.40-6
GNU C Library >=2.13 <=2.40
IBM Cloud Pak System <=2.3.4.0
IBM Cloud Pak System <=2.3.4.1
2.3.4.1 ifix1
IBM Cloud Pak System <=2.3.5.0
IBM Cloud Pak System <=2.3.6.0
IBM OS Image for Red Hat Linux Systems <=4.0.4.0
4.0.5.0
4.0.6.0
4.0.7.0
IBM OS Image for Red Hat Linux Systems <=5.0.0.0
5.0.1.0
Microsoft cbl2 glibc 2.35-7
Microsoft azl3 glibc 2.38-11
Microsoft cbl2 glibc 2.35-7
Event History
Jan 22, 2025
CVE Published via MITRE · 01:11 PM
Data Sourced via MITRE · 01:11 PM (Description, Weakness)
Data Sourced via NVD · 01:15 PM (Description, Severity, Weakness)
Data Sourced via Red Hat · 02:01 PM (Description, Severity, Affected Software)
Feb 14, 2025
Data Sourced via Ubuntu · 05:46 PM (Remedy, Description, Severity, Affected Software)
Jul 11, 2025
Data Sourced via Microsoft · 12:00 AM (Description, Severity, Weakness, Affected Software)
Updated via Microsoft · 12:00 AM (Severity, Affected Software)
Updated via Microsoft · 07:00 AM (Description, Severity)
Updated via Microsoft · 07:00 AM (Affected Software)
Jan 30, 2026
Data Sourced via IBM · 12:00 AM (Description, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2025-0395?
CVE-2025-0395 has a high severity rating due to the potential for a buffer overflow that can lead to system compromise.
2. How do I fix CVE-2025-0395?
To fix CVE-2025-0395, upgrade to GNU C Library version 2.40-6 or later.
3. Which versions of GNU C Library are affected by CVE-2025-0395?
CVE-2025-0395 affects GNU C Library versions between 2.13 and 2.40.
4. What could be the impact of CVE-2025-0395 on my system?
The impact of CVE-2025-0395 may include application crashes or arbitrary code execution due to the buffer overflow.
5. Is CVE-2025-0395 a critical vulnerability?
Yes, CVE-2025-0395 is considered critical due to its ability to affect system stability and security.