CVE-2025-4373 - Vulnerability Details

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Insights Proxy Openshift Distributed Tracing Rhel E4s Rhel Eus

No data.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:10855
https://access.redhat.com/errata/RHSA-2025:11140
https://access.redhat.com/errata/RHSA-2025:11327
https://access.redhat.com/errata/RHSA-2025:11373
https://access.redhat.com/errata/RHSA-2025:11374
https://access.redhat.com/errata/RHSA-2025:11662
https://access.redhat.com/errata/RHSA-2025:12275
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/security/cve/CVE-2025-4373
https://bugzilla.redhat.com/show_bug.cgi?id=2364265
https://gitlab.gnome.org/GNOME/glib/-/issues/3677
https://nvd.nist.gov/vuln/detail/CVE-2025-4373
https://www.cve.org/CVERecord?id=CVE-2025-4373

History

Thu, 07 Aug 2025 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat insights Proxy
CPEs		cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products		Redhat insights Proxy
References		https://access.redhat.com/errata/RHSA-2025:13335

Wed, 30 Jul 2025 09:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
References		https://access.redhat.com/errata/RHSA-2025:12275

Tue, 29 Jul 2025 13:15:00 +0000

Type	Values Removed	Values Added
References		https://gitlab.gnome.org/GNOME/glib/-/issues/3677

Wed, 23 Jul 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Distributed Tracing
CPEs		cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Vendors & Products		Redhat openshift Distributed Tracing
References		https://access.redhat.com/errata/RHSA-2025:11662

Thu, 17 Jul 2025 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products		Redhat rhel E4s Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:11373 https://access.redhat.com/errata/RHSA-2025:11374

Wed, 16 Jul 2025 19:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2025:11327

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00055}`	epss `{'score': 0.00058}`

Tue, 15 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2025:11140

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00058}`	epss `{'score': 0.00055}`

Mon, 14 Jul 2025 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHSA-2025:10855

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00056}`	epss `{'score': 0.00058}`

Thu, 29 May 2025 12:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Tue, 06 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 06 May 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
Title	glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar	Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265

Tue, 06 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar
Weaknesses		CWE-124
References		https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://www.cve.org/CVERecord?id=CVE-2025-4373
Metrics	threat_severity `None`	cvssV3_1 `{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L'}` threat_severity `Moderate`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-05-06T14:48:39.264Z

Updated: 2025-08-07T09:03:11.696Z

Reserved: 2025-05-06T00:35:29.069Z

Link: CVE-2025-4373

Vulnrichment

Updated: 2025-05-06T15:09:37.975Z

NVD

Status : Awaiting Analysis

Published: 2025-05-06T15:16:05.320

Modified: 2025-08-07T09:15:28.173

Link: CVE-2025-4373

Redhat

Severity : Moderate

Publid Date: 2025-05-06T00:00:00Z

Links: CVE-2025-4373 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object