CVE-2025-5745
BaseFortify
Publication date: 2025-06-05
Last updated on: 2025-10-22
Assigner: GNU C Library
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | glibc | From 2.40 (inc) to 2.40-136 (exc) |
| gnu | glibc | From 2.41 (inc) to 2.41-57 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-665 | The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the strncmp function optimized for the Power10 processor in GNU C Library version 2.40 and later. The function writes to certain vector registers (v20 to v31) without saving their previous contents, even though these registers are supposed to be preserved according to the powerpc64le ABI. This can overwrite important data from the caller, potentially changing the program's control flow or causing sensitive input strings to be leaked to other parts of the program.
How can this vulnerability impact me? :
The vulnerability can lead to altered control flow in programs using the affected strncmp implementation, which may cause unexpected behavior or crashes. Additionally, it can result in leaking sensitive input strings to other parts of the program, potentially exposing confidential information.