CVE-2025-13601

Glib: integer overflow in in g_escape_uri_string()

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

INFO

Published Date :

2025-11-26T14:44:22.680Z

Last Modified :

2026-04-19T19:38:15.168Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2025-13601 vulnerability.

Vendors	Products
Gnome	Glib
Redhat	Ceph Storage Codeready Linux Builder Codeready Linux Builder For Arm64 Codeready Linux Builder For Arm64 Eus Codeready Linux Builder For Ibm Z Systems Codeready Linux Builder For Ibm Z Systems Eus Codeready Linux Builder For Power Little Endian Codeready Linux Builder For Power Little Endian Eus Codeready Linux Builder For X86 64 Codeready Linux Builder For X86 64 Eus Discovery Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Arm 64 Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux For X86 64 Enterprise Linux For X86 64 Eus Enterprise Linux Server Aus Enterprise Linux Server For Power Little Endian Enterprise Linux Server For Power Little Endian Eus Enterprise Linux Server Tus Hummingbird Insights Proxy Openshift Openshift Container Platform Openshift Container Platform For Arm64 Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone Openshift Container Platform For Power Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus Rhui

Vendors

Products

Gnome

Glib

Redhat

Ceph Storage
Codeready Linux Builder
Codeready Linux Builder For Arm64
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Ibm Z Systems
Codeready Linux Builder For Ibm Z Systems Eus
Codeready Linux Builder For Power Little Endian
Codeready Linux Builder For Power Little Endian Eus
Codeready Linux Builder For X86 64
Codeready Linux Builder For X86 64 Eus
Discovery
Enterprise Linux
Enterprise Linux Eus
Enterprise Linux For Arm 64
Enterprise Linux For Arm 64 Eus
Enterprise Linux For Ibm Z Systems
Enterprise Linux For Ibm Z Systems Eus
Enterprise Linux For Power Little Endian
Enterprise Linux For Power Little Endian Eus
Enterprise Linux For X86 64
Enterprise Linux For X86 64 Eus
Enterprise Linux Server Aus
Enterprise Linux Server For Power Little Endian
Enterprise Linux Server For Power Little Endian Eus
Enterprise Linux Server Tus
Hummingbird
Insights Proxy
Openshift
Openshift Container Platform
Openshift Container Platform For Arm64
Openshift Container Platform For Ibm Z
Openshift Container Platform For Linuxone
Openshift Container Platform For Power
Rhel Aus
Rhel E4s
Rhel Els
Rhel Eus
Rhel Eus Long Life
Rhel Tus
Rhui

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-13601.

URL	Resource
https://access.redhat.com/errata/RHSA-2026:0936
https://access.redhat.com/errata/RHSA-2026:0975
https://access.redhat.com/errata/RHSA-2026:0991
https://access.redhat.com/errata/RHSA-2026:1323
https://access.redhat.com/errata/RHSA-2026:1324
https://access.redhat.com/errata/RHSA-2026:1326
https://access.redhat.com/errata/RHSA-2026:1327
https://access.redhat.com/errata/RHSA-2026:1465
https://access.redhat.com/errata/RHSA-2026:1608
https://access.redhat.com/errata/RHSA-2026:1624
https://access.redhat.com/errata/RHSA-2026:1625
https://access.redhat.com/errata/RHSA-2026:1626
https://access.redhat.com/errata/RHSA-2026:1627
https://access.redhat.com/errata/RHSA-2026:1652
https://access.redhat.com/errata/RHSA-2026:1736
https://access.redhat.com/errata/RHSA-2026:2064
https://access.redhat.com/errata/RHSA-2026:2072
https://access.redhat.com/errata/RHSA-2026:2485
https://access.redhat.com/errata/RHSA-2026:2563
https://access.redhat.com/errata/RHSA-2026:2633
https://access.redhat.com/errata/RHSA-2026:2659
https://access.redhat.com/errata/RHSA-2026:2671
https://access.redhat.com/errata/RHSA-2026:2974
https://access.redhat.com/errata/RHSA-2026:3415
https://access.redhat.com/errata/RHSA-2026:4419
https://access.redhat.com/errata/RHSA-2026:7461
https://access.redhat.com/security/cve/CVE-2025-13601
https://bugzilla.redhat.com/show_bug.cgi?id=2416741
https://gitlab.gnome.org/GNOME/glib/-/issues/3827
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
https://nvd.nist.gov/vuln/detail/CVE-2025-13601
https://www.cve.org/CVERecord?id=CVE-2025-13601

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact