CVE-2026-58013
Undergoing Analysis - In Progress

Buffer Over-Read in GLib via Custom Line Terminator


Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: Red Hat, Inc.

Description

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.


Meta Information

Published: 2026-06-30
Last Modified: 2026-06-30
Generated: 2026-06-30
AI Q&A: 2026-06-30
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor   Product   Version / Range
glib     glib      From 2.68.0 (inclusive)

Exploitability

CWE-126 (Buffer Over-read): The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Mitigation Strategies

Immediate mitigation is to update the GLib library to a version in which this vulnerability is fixed.

Until the patch is applied, avoid setting custom line terminators longer than one byte with g_io_channel_set_line_term() in your applications.

Monitor applications for crashes or abnormal behaviour related to GLib, and apply vendor patches or updates as soon as they become available.

Executive Summary

This vulnerability is a buffer over-read flaw in the GLib library, specifically in the function g_io_channel_read_line_backend() in the giochannel.c file. It is triggered when a custom line terminator longer than one byte is set: memcmp reads more bytes than remain in the buffer, so it reads past the allocated memory of a GString buffer.

The root cause is that the loop condition only ensures at least one byte is available, while memcmp always compares the full length of the line terminator, so the comparison can touch memory beyond the allocated buffer. This can lead to memory corruption or crashes.
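To make the loop-condition point concrete, the following is an added example constructed for this page; it is not GLib's giochannel.c code and does not reproduce GLib's API. It is a simplified line-terminator scan written with the bounds check the advisory describes as missing: memcmp is only called while a full terminator still fits in the buffer. The helper naive_overread_bytes computes, arithmetically and without dereferencing anything, how far past the end a loop that only guarantees one remaining byte would read. The names find_line_term, split_first_line and naive_overread_bytes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified scanner: return the offset of the first occurrence
 * of a (possibly multi-byte) line terminator in buf[0..len), or -1 if none
 * fits. The loop bound i + term_len <= len is the check that keeps memcmp
 * inside the buffer; a loop that only required i < len would read up to
 * term_len - 1 bytes past the end on its final iterations. */
long find_line_term(const char *buf, size_t len, const char *term, size_t term_len)
{
    if (buf == NULL || term == NULL || term_len == 0 || len < term_len)
        return -1;

    for (size_t i = 0; i + term_len <= len; i++) {
        if (memcmp(buf + i, term, term_len) == 0)
            return (long)i;
    }
    return -1;
}

/* Length of the first complete line (excluding the terminator), or -1 if the
 * buffer holds no complete line yet. A caller would keep buffering in the
 * -1 case instead of guessing at bytes it does not have. */
long split_first_line(const char *buf, size_t len, const char *term, size_t term_len)
{
    return find_line_term(buf, len, term, term_len);
}

/* How many bytes a naive loop (one that only checks that at least one byte
 * remains before calling memcmp with the full terminator length) would read
 * past the end of a buffer of `len` bytes if it reached its last iteration.
 * Pure arithmetic: at i = len - 1, memcmp would touch buf[len - 1 + term_len - 1],
 * i.e. term_len - 1 bytes beyond the buffer. */
size_t naive_overread_bytes(size_t len, size_t term_len)
{
    if (len == 0 || term_len <= 1)
        return 0;
    return term_len - 1;
}

int main(void)
{
    /* Constructed sample input: two lines separated by a two-byte terminator,
     * with a trailing partial line. */
    const char sample[] = "first\r\nsecond\r\nthird";
    const char term[] = "\r\n";
    size_t term_len = sizeof(term) - 1;
    size_t len = sizeof(sample) - 1;
    const char *p = sample;

    for (;;) {
        long n = split_first_line(p, len, term, term_len);
        if (n < 0) {
            printf("incomplete line of %zu byte(s) left in buffer\n", len);
            break;
        }
        printf("line: %.*s\n", (int)n, p);
        p += (size_t)n + term_len;
        len -= (size_t)n + term_len;
    }

    printf("a naive loop would read %zu byte(s) past the end with a %zu-byte terminator\n",
           naive_overread_bytes(sizeof(sample) - 1, term_len), term_len);
    return 0;
}
```

The scanner returns -1 rather than matching a partial terminator at the tail of the buffer, which is the behaviour a caller that reads in chunks needs: it keeps the unconsumed bytes and tries again once more data has arrived.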

Impact Analysis

The vulnerability can cause a minor information disclosure of up to 7 bytes or a denial of service (DoS) if the buffer over-read crosses a page boundary.

The denial of service can occur due to memory corruption or crashes triggered by reading beyond the allocated buffer.

Detection Guidance

This vulnerability occurs in the GLib function g_io_channel_read_line_backend() when a custom line terminator longer than one byte is set. Detection therefore involves checking whether your system uses a vulnerable version of GLib and whether applications call g_io_channel_set_line_term() with multi-byte line terminators.

Since the issue is a heap-buffer-overflow read that can lead to memory corruption or crashes, detection can also include monitoring for application crashes or memory errors related to GLib usage.

The resources provide no specific commands for detecting this vulnerability directly on your network or system.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
