Fluid Attacks Database

Description

The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	glibc	>=0 <2.41-11	2.41-11
debian 11	glibc	=2.31-13 \|\| =2.31-13+deb11u1 \|\| =2.31-13+deb11u10 \|\| =2.31-13+deb11u11 \|\| =2.31-13+deb11u12 \|\| =2.31-13+deb11u13 \|\| =2.31-13+deb11u2 \|\| =2.31-13+deb11u3 \|\| =2.31-13+deb11u4 \|\| =2.31-13+deb11u5 \|\| =2.31-13+deb11u6 \|\| =2.31-13+deb11u7 \|\| =2.31-13+deb11u8 \|\| =2.31-13+deb11u9 \|\| =2.31-13+hurd.1 \|\| =2.31-13+hurd.2 \|\| =2.31-13+hurd.3 \|\| =2.31-13+qemu \|\| =2.31-14 \|\| =2.31-15 \|\| =2.31-16 \|\| =2.31-17 \|\| =2.31-17~0 \|\| =2.31-18~0 \|\| =2.32-0experimental0 \|\| =2.32-0experimental1 \|\| =2.32-1 \|\| =2.32-2 \|\| =2.32-2+qemu \|\| =2.32-3 \|\| =2.32-4 \|\| =2.32-5 \|\| =2.33-0experimental0 \|\| =2.33-0experimental1 \|\| =2.33-0experimental2 \|\| =2.33-0experimental3 \|\| =2.33-1 \|\| =2.33-1+qemu \|\| =2.33-2 \|\| =2.33-2+qemu \|\| =2.33-2+qemu1 \|\| =2.33-2~0 \|\| =2.33-2~1 \|\| =2.33-2~2 \|\| =2.33-2~3 \|\| =2.33-3 \|\| =2.33-3~0 \|\| =2.33-4 \|\| =2.33-5 \|\| =2.33-6 \|\| =2.33-7 \|\| =2.33-8 \|\| =2.33-8~0 \|\| =2.34-0experimental0 \|\| =2.34-0experimental1 \|\| =2.34-0experimental2 \|\| =2.34-0experimental3 \|\| =2.34-0experimental4 \|\| =2.34-0experimental5 \|\| =2.34-1 \|\| =2.34-2 \|\| =2.34-3 \|\| =2.34-4 \|\| =2.34-5 \|\| =2.34-5~0 \|\| =2.34-6 \|\| =2.34-7 \|\| =2.34-7+qemu \|\| =2.34-8 \|\| =2.34-8~0 \|\| =2.34-9~0 \|\| =2.35-0experimental0 \|\| =2.35-0experimental1 \|\| =2.35-0experimental2 \|\| =2.35-0experimental3 \|\| =2.35-0experimental3+qemu \|\| =2.35-1 \|\| =2.35-1+sparc64 \|\| =2.35-2 \|\| =2.35-3 \|\| =2.35-4 \|\| =2.36-1 \|\| =2.36-10~0 \|\| =2.36-2 \|\| =2.36-3 \|\| =2.36-4 \|\| =2.36-4+ports \|\| =2.36-5 \|\| =2.36-6 \|\| =2.36-7 \|\| =2.36-7~0 \|\| =2.36-7~1 \|\| =2.36-8 \|\| =2.36-8+alpha1 \|\| =2.36-9 \|\| =2.36-9+loong64 \|\| =2.36-9~1 \|\| =2.36-9~2 \|\| =2.36-9~3 \|\| =2.37-1 \|\| =2.37-10 \|\| =2.37-11 \|\| =2.37-12 \|\| =2.37-13 \|\| =2.37-14 \|\| =2.37-15 \|\| =2.37-15.1 \|\| =2.37-15.1+sh4 \|\| =2.37-15~deb13u1 \|\| =2.37-16 \|\| =2.37-17 \|\| =2.37-18 \|\| =2.37-19 \|\| =2.37-2 \|\| =2.37-3 \|\| =2.37-4 \|\| =2.37-5 \|\| =2.37-6 \|\| =2.37-7 \|\| =2.37-8 \|\| =2.37-9 \|\| =2.38-1 \|\| =2.38-10 \|\| =2.38-11 \|\| =2.38-12 \|\| =2.38-12.1 \|\| =2.38-13 \|\| =2.38-14 \|\| =2.38-15~0 \|\| =2.38-15~1 \|\| =2.38-2 \|\| =2.38-3 \|\| =2.38-4 \|\| =2.38-5 \|\| =2.38-6 \|\| =2.38-7 \|\| =2.38-7~0+hurd.1 \|\| =2.38-8 \|\| =2.38-9 \|\| =2.39-1 \|\| =2.39-2 \|\| =2.39-3 \|\| =2.39-3.1 \|\| =2.39-4 \|\| =2.39-5 \|\| =2.39-6 \|\| =2.39-6+hurd.1 \|\| =2.39-6+sh4 \|\| =2.39-7 \|\| =2.39-7+sh4 \|\| =2.39-7~0 \|\| =2.39-8~0 \|\| =2.40-1 \|\| =2.40-2 \|\| =2.40-2+sh4 \|\| =2.40-3 \|\| =2.40-3+sh4 \|\| =2.40-4 \|\| =2.40-5 \|\| =2.40-5~hurd.1 \|\| =2.40-6 \|\| =2.40-6~1 \|\| =2.40-7 \|\| =2.41-1 \|\| =2.41-10 \|\| =2.41-11 \|\| =2.41-12 \|\| =2.41-13~hurd.0 \|\| =2.41-13~hurd.1 \|\| =2.41-2 \|\| =2.41-3 \|\| =2.41-4 \|\| =2.41-4~0 \|\| =2.41-5 \|\| =2.41-5~0 \|\| =2.41-6 \|\| =2.41-7 \|\| =2.41-8 \|\| =2.41-8~0 \|\| =2.41-8~1 \|\| =2.41-9 \|\| =2.41-9~0 \|\| =2.41-9~1 \|\| =2.42-1 \|\| =2.42-10 \|\| =2.42-11 \|\| =2.42-12 \|\| =2.42-12~hurd.1 \|\| =2.42-13 \|\| =2.42-14 \|\| =2.42-14~hurd.1 \|\| =2.42-15 \|\| =2.42-15~hurd.1 \|\| =2.42-2 \|\| =2.42-3 \|\| =2.42-4 \|\| =2.42-5 \|\| =2.42-6 \|\| =2.42-7 \|\| =2.42-8 \|\| =2.42-8~hurd.1 \|\| =2.42-8~hurd.2 \|\| =2.42-9 \|\| =2.43-1 \|\| =2.43-2	-
debian 12	glibc	=2.36-9 \|\| =2.36-9+deb12u1 \|\| =2.36-9+deb12u10 \|\| =2.36-9+deb12u11 \|\| =2.36-9+deb12u12 \|\| =2.36-9+deb12u2 \|\| =2.36-9+deb12u3 \|\| =2.36-9+deb12u4 \|\| =2.36-9+deb12u5 \|\| =2.36-9+deb12u6 \|\| =2.36-9+deb12u7 \|\| =2.36-9+deb12u8 \|\| =2.36-9+deb12u9 \|\| >=0 <2.36-9+deb12u13	2.36-9+deb12u13
debian 14	glibc	>=0 <2.41-11	2.41-11
rpm rhel7	compat-glibc	-	-
rpm rhel6	glibc	-	-
rpm rhel7	glibc	-	-
rpm rhel6	nss_db	-	-
rpm rhel6	compat-glibc	-	-
rpm rhel10	glibc	<0:2.39-46.el10_0	0:2.39-46.el10_0

1-10 of 12

Aliases

1. CVE-2025-80582. NVD-2025-80583. OSV-DEBIAN-2025-80584. OSV-2025-80585. SECURITY-TRACKER-CVE-2025-8058