Nixpkgs security tracker

Untriaged

Permalink CVE-2025-60019

3.7 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

created 4 months, 1 week ago

Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()

glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.

References

https://access.redhat.com/security/cve/CVE-2025-60019 vdb-entryx_refsource_REDHAT
RHBZ#2398140 x_refsource_REDHATissue-tracking
https://gitlab.gnome.org/GNOME/glib-networking/-/issues/227
https://access.redhat.com/security/cve/CVE-2025-60019 vdb-entryx_refsource_REDHAT
RHBZ#2398140 x_refsource_REDHATissue-tracking
https://gitlab.gnome.org/GNOME/glib-networking/-/issues/227

Affected products

glib-networking

<2.80.2

Matching in nixpkgs

pkgs.glib-networking

Network-related giomodules for glib

nixos-unstable 2.80.1
- nixpkgs-unstable 2.80.1
- nixos-unstable-small 2.80.1

Package maintainers

@bobby285271 Bobby Rong <rjl931189261@126.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.glib-networking

Package maintainers