CVE-2025-8058
BaseFortify

Publication date: 2025-07-23

Last updated on: 2025-11-04

Assigner: GNU C Library

Description
The regcomp function in the GNU C library versions 2.4 to 2.41 is subject to a double free if some previous allocation fails. This can be triggered either by a malloc failure or by an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending on how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.
Meta Information
Published: 2025-07-23
Last Modified: 2025-11-04
Generated: 2026-05-27
AI Q&A: 2025-07-23
EPSS Evaluated: 2026-05-25
NVD
Affected Vendors & Products
Showing 2 associated CPEs
Vendor    Product          Version / Range
gnu       gnu_c_library    2.41
gnu       gnu_c_library    2.4
CWE
CWE ID     Description
CWE-415    The product calls free() twice on the same memory address.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a double free issue in the regcomp function of the GNU C library versions 2.4 to 2.41. It occurs if a previous memory allocation fails, either due to an actual malloc failure or an interposed malloc that injects random failures. This double free can lead to buffer manipulation depending on how the regular expression is constructed.


How can this vulnerability impact me?

The double free vulnerability can allow an attacker to manipulate buffers, which may lead to undefined behavior such as memory corruption, crashes, or potentially arbitrary code execution depending on the context and how the regex is constructed.

