{"api_version":"1","generated_at":"2026-05-13T02:10:57+00:00","cve":"CVE-2025-4373","urls":{"html":"https://cve.report/CVE-2025-4373","api":"https://cve.report/api/cve/CVE-2025-4373.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-4373","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-4373"},"summary":{"title":"Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar","description":"A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-05-06 15:16:05","updated_at":"2026-05-12 13:17:21"},"problem_types":["CWE-124","CWE-124 Buffer Underwrite ('Buffer Underflow')"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"4.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"4.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":4.8,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:10855","name":"https://access.redhat.com/errata/RHSA-2025:10855","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gitlab.gnome.org/GNOME/glib/-/issues/3677","name":"https://gitlab.gnome.org/GNOME/glib/-/issues/3677","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-4373","name":"https://access.redhat.com/security/cve/CVE-2025-4373","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-089022.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-089022.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:12275","name":"https://access.redhat.com/errata/RHSA-2025:12275","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:11662","name":"https://access.redhat.com/errata/RHSA-2025:11662","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:11374","name":"https://access.redhat.com/errata/RHSA-2025:11374","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:11327","name":"https://access.redhat.com/errata/RHSA-2025:11327","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:13335","name":"https://access.redhat.com/errata/RHSA-2025:13335","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14989","name":"https://access.redhat.com/errata/RHSA-2025:14989","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:11373","name":"https://access.redhat.com/errata/RHSA-2025:11373","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14988","name":"https://access.redhat.com/errata/RHSA-2025:14988","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:11140","name":"https://access.redhat.com/errata/RHSA-2025:11140","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14990","name":"https://access.redhat.com/errata/RHSA-2025:14990","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364265","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2364265","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14991","name":"https://access.redhat.com/errata/RHSA-2025:14991","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-4373","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4373","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"unaffected 0:2.80.4-4.el10_0.6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 0:2.56.4-166.el8_10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","version":"unaffected 0:2.56.4-8.el8_2.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","version":"unaffected 0:2.56.4-10.el8_4.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","version":"unaffected 0:2.56.4-10.el8_4.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","version":"unaffected 0:2.56.4-158.el8_6.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","version":"unaffected 0:2.56.4-158.el8_6.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","version":"unaffected 0:2.56.4-158.el8_6.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","version":"unaffected 0:2.56.4-162.el8_8 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","version":"unaffected 0:2.56.4-162.el8_8 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:2.68.4-16.el9_6.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:2.68.4-16.el9_6.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","version":"unaffected 0:2.68.4-5.el9_0.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","version":"unaffected 0:2.68.4-7.el9_2.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","version":"unaffected 0:2.68.4-14.el9_4.3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","version":"unaffected sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.6.0","version":"unaffected sha256:a891aa3f77d70d9d7966dfc71ff9087f45deb95d3025072da96a3ec5220db1f3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.6.0","version":"unaffected sha256:d9ca4a9ec5bc8de23e4550387f822f19949cdfbc4aeeab20e07b206d92f4a426 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.6.0","version":"unaffected sha256:addf7b49ce99777a3bbf12c2e6678b604f3cfaf91feaaeb4192d75e902e46458 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.6.0","version":"unaffected sha256:d4ef54ac8de0eaf22e294dad8852ea8b5c20f85deb19629a3a4e0020851266c3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.6.0","version":"unaffected sha256:1c4617b035c66b6b34e9b19f618f72a19da5fce644d79e24eb262f14c848bc81 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.6.0","version":"unaffected sha256:8c5dddd29d08fe8234edbbcda055fe6b0f9a7d7a0edfc3cd130797fdf78cce5c * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.6.0","version":"unaffected sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.6.0","version":"unaffected sha256:3d37f30462f237f5087ef8ac90e39f5cd2cbaf5c143f7cae9d6155eb574726f2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.6.0","version":"unaffected sha256:8fb68adefecd8ccb94404399ac6c8038c064c85287f4f980a0855da1cbd0dcb7 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM RST2428P","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XCH328","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XCM324","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XCM328","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XCM332","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XRH334 (24 V DC, 8xFO, CC)","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XRM334 (230 V AC, 12xFO)","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XRM334 (230 V AC, 8xFO)","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XRM334 (24 V DC, 12xFO)","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XRM334 (24 V DC, 8xFO)","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XRM334 (2x230 V AC, 12xFO)","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XRM334 (2x230 V AC, 8xFO)","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)","version":"affected V3.3 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-05-06T00:33:30.003Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-05-06T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Currently, no mitigation is available for this vulnerability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"4373","cve":"CVE-2025-4373","epss":"0.007420000","percentile":"0.730900000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:53"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-4373","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-05-06T15:09:21.791020Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-05-06T15:09:46.724Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"defaultStatus":"unknown","product":"RUGGEDCOM RST2428P","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XCH328","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XCM324","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XCM328","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XCM332","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XRH334 (24 V DC, 8xFO, CC)","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XRM334 (230 V AC, 12xFO)","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XRM334 (230 V AC, 8xFO)","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XRM334 (24 V DC, 12xFO)","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XRM334 (24 V DC, 8xFO)","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XRM334 (2x230 V AC, 12xFO)","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XRM334 (2x230 V AC, 8xFO)","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)","vendor":"Siemens","versions":[{"lessThan":"V3.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T12:02:18.518Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-089022.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"collectionURL":"https://gitlab.gnome.org/GNOME/glib","defaultStatus":"unaffected","packageName":"glib","versions":[{"lessThan":"2.84.2","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.0"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.80.4-4.el10_0.6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8::crb","cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.56.4-166.el8_10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.56.4-8.el8_2.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","cpe:/o:redhat:rhel_aus:8.4::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.56.4-10.el8_4.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","cpe:/o:redhat:rhel_aus:8.4::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.56.4-10.el8_4.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.56.4-158.el8_6.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.56.4-158.el8_6.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.56.4-158.el8_6.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos","cpe:/o:redhat:rhel_e4s:8.8::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.56.4-162.el8_8","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos","cpe:/o:redhat:rhel_e4s:8.8::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.56.4-162.el8_8","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::crb","cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.68.4-16.el9_6.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::crb","cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.68.4-16.el9_6.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_e4s:9.0::baseos","cpe:/a:redhat:rhel_e4s:9.0::appstream"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.68.4-5.el9_0.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream","cpe:/o:redhat:rhel_e4s:9.2::baseos"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.68.4-7.el9_2.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos","cpe:/a:redhat:rhel_eus:9.4::appstream","cpe:/a:redhat:rhel_eus:9.4::crb"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.68.4-14.el9_4.3","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"],"defaultStatus":"affected","packageName":"insights-proxy/insights-proxy-container-rhel9","product":"Red Hat Insights proxy 1.5","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-agent-rhel8","product":"Red Hat OpenShift distributed tracing 3.6.0","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:a891aa3f77d70d9d7966dfc71ff9087f45deb95d3025072da96a3ec5220db1f3","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-all-in-one-rhel8","product":"Red Hat OpenShift distributed tracing 3.6.0","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:d9ca4a9ec5bc8de23e4550387f822f19949cdfbc4aeeab20e07b206d92f4a426","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-collector-rhel8","product":"Red Hat OpenShift distributed tracing 3.6.0","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:addf7b49ce99777a3bbf12c2e6678b604f3cfaf91feaaeb4192d75e902e46458","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-es-index-cleaner-rhel8","product":"Red Hat OpenShift distributed tracing 3.6.0","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:d4ef54ac8de0eaf22e294dad8852ea8b5c20f85deb19629a3a4e0020851266c3","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-es-rollover-rhel8","product":"Red Hat OpenShift distributed tracing 3.6.0","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:1c4617b035c66b6b34e9b19f618f72a19da5fce644d79e24eb262f14c848bc81","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-ingester-rhel8","product":"Red Hat OpenShift distributed tracing 3.6.0","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:8c5dddd29d08fe8234edbbcda055fe6b0f9a7d7a0edfc3cd130797fdf78cce5c","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-operator-bundle","product":"Red Hat OpenShift distributed tracing 3.6.0","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-query-rhel8","product":"Red Hat OpenShift distributed tracing 3.6.0","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:3d37f30462f237f5087ef8ac90e39f5cd2cbaf5c143f7cae9d6155eb574726f2","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-rhel8-operator","product":"Red Hat OpenShift distributed tracing 3.6.0","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:8fb68adefecd8ccb94404399ac6c8038c064c85287f4f980a0855da1cbd0dcb7","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"bootc","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"glycin-loaders","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"loupe","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"mingw-glib2","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","packageName":"glib2","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"affected","packageName":"librsvg2","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"affected","packageName":"mingw-glib2","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"bootc","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"librsvg2","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"mingw-glib2","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"}],"datePublic":"2025-05-06T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":4.8,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-124","description":"Buffer Underwrite ('Buffer Underflow')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-01-29T19:05:58.921Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:10855","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10855"},{"name":"RHSA-2025:11140","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:11140"},{"name":"RHSA-2025:11327","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:11327"},{"name":"RHSA-2025:11373","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:11373"},{"name":"RHSA-2025:11374","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:11374"},{"name":"RHSA-2025:11662","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:11662"},{"name":"RHSA-2025:12275","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:12275"},{"name":"RHSA-2025:13335","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:13335"},{"name":"RHSA-2025:14988","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14988"},{"name":"RHSA-2025:14989","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14989"},{"name":"RHSA-2025:14990","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14990"},{"name":"RHSA-2025:14991","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14991"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-4373"},{"name":"RHBZ#2364265","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364265"},{"url":"https://gitlab.gnome.org/GNOME/glib/-/issues/3677"}],"timeline":[{"lang":"en","time":"2025-05-06T00:33:30.003Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-05-06T00:00:00.000Z","value":"Made public."}],"title":"Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar","workarounds":[{"lang":"en","value":"Currently, no mitigation is available for this vulnerability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-124: Buffer Underwrite ('Buffer Underflow')"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-4373","datePublished":"2025-05-06T14:48:39.264Z","dateReserved":"2025-05-06T00:35:29.069Z","dateUpdated":"2026-05-12T12:02:18.518Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-05-06 15:16:05","lastModifiedDate":"2026-05-12 13:17:21","problem_types":["CWE-124","CWE-124 Buffer Underwrite ('Buffer Underflow')"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"4373","Ordinal":"1","Title":"Glib: buffer underflow on glib through glib/gstring.c via functi","CVE":"CVE-2025-4373","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"4373","Ordinal":"1","NoteData":"A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.","Type":"Description","Title":"Glib: buffer underflow on glib through glib/gstring.c via functi"}]}}}