Add advisory text for CVE-2025-0395

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2025-01-21 16:48:29 -05:00 · 2025-01-21 16:48:29 -05:00 · 94e908cee9
parent 68ee0f704c
commit 94e908cee9
1 changed files with 24 additions and 0 deletions
--- a/advisories/GLIBC-SA-2025-0001
+++ b/advisories/GLIBC-SA-2025-0001
@ -0,0 +1,24 @@
+assert: Buffer overflow when printing assertion failure message
+
+When the assert() function fails, it does not allocate enough space for the
+assertion failure message string and size information, which may lead to a
+buffer overflow if the message string size aligns to page size.
+
+This bug can be triggered when an assertion in a program fails.  The assertion
+failure message is allocated to allow developers to see this failure in core
+dumps and it typically includes, in addition to the invariant assertion
+string and function name, the name of the program.  If the name of the failing
+program is user controlled, for example on a local system, this could allow an
+attacker to control the assertion failure to trigger this buffer overflow.
+
+The only viable vector for exploitation of this bug is local, if a setuid
+program exists that has an existing bug that results in an assertion failure.
+No such program has been discovered at the time of publishing this advisory,
+but the presence of custom setuid programs, although strongly discouraged as a
+security practice, cannot be discounted.
+
+CVE-Id: CVE-2025-0395
+Public-Date: 2025-01-22
+Vulnerable-Commit: f8a3b5bf8fa1d0c43d2458e03cc109a04fdef194 (2.13-175)
+Fix-Commit: 68ee0f704cb81e9ad0a78c644a83e1e9cd2ee578 (2.41)
+Reported-By: Qualys Security Advisory