Home > Vulnerability Database > CVE-2025-8058

Mend.io Vulnerability Database

CVE-2025-8058

Good to know:

Date: July 23, 2025

The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.

Severity Score

6.6

Related Resources (4)

Url: https://sourceware.org/bugzilla/show_bug.cgi?id=33185

Url: https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-8058

Url: https://www.mend.io/vulnerability-database/CVE-2025-8058

Severity Score

6.6

Weakness Type (CWE)

Double Free

CWE-415

Top Fix

Upgrade Version

Upgrade to version https://sourceware.org/git/glibc.git - no_fix

CVSS v3.1

Base Score:	6.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-8058

Good to know:

Date: July 23, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?