cnvd - cnvd-2025-15357

cnvd-2025-15357

Vulnerability from cnvd

Title: GNU C库存在未明漏洞

Description:

GNU C库是GNU项目开发的C标准库实现，为Linux系统提供核心的API支持，是大多数C程序运行的基础。

GNU C库存在安全漏洞。攻击者可利用该漏洞覆盖调用者的内容，从而导致控制流被篡改或输入字符串泄露。

Severity: 中

Formal description:

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网：https://www.gnu.org/

Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=33060

Impacted products

Name
Gnu GNU C库 >=2.40

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-5745",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-5745"
    }
  },
  "description": "GNU C\u5e93\u662fGNU\u9879\u76ee\u5f00\u53d1\u7684C\u6807\u51c6\u5e93\u5b9e\u73b0\uff0c\u4e3aLinux\u7cfb\u7edf\u63d0\u4f9b\u6838\u5fc3\u7684API\u652f\u6301\uff0c\u662f\u5927\u591a\u6570C\u7a0b\u5e8f\u8fd0\u884c\u7684\u57fa\u7840\u3002\n\nGNU C\u5e93\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u8c03\u7528\u8005\u7684\u5185\u5bb9\uff0c\u4ece\u800c\u5bfc\u81f4\u63a7\u5236\u6d41\u88ab\u7be1\u6539\u6216\u8f93\u5165\u5b57\u7b26\u4e32\u6cc4\u9732\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1ahttps://www.gnu.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-15357",
  "openTime": "2025-07-09",
  "products": {
    "product": "Gnu GNU C\u5e93 \u003e=2.40"
  },
  "referenceLink": "https://sourceware.org/bugzilla/show_bug.cgi?id=33060",
  "serverity": "\u4e2d",
  "submitTime": "2025-06-13",
  "title": "GNU C\u5e93\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2025-5745 (GCVE-0-2025-5745)

Vulnerability from cvelistv5

Published

2025-06-05 19:20

Modified

2025-06-05 20:13

Severity ?

5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

References

▼	URL	Tags
	https://sourceware.org/bugzilla/show_bug.cgi?id=33060

Impacted products

	Vendor	Product	Version
	The GNU C Library	glibc	Version: 2.40 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-5745",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-05T20:11:39.550335Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-665",
                "description": "CWE-665 Improper Initialization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-05T20:13:51.068Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Power10"
          ],
          "product": "glibc",
          "vendor": "The GNU C Library",
          "versions": [
            {
              "status": "affected",
              "version": "2.40",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-06-05T02:03:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
            }
          ],
          "value": "The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-05T19:20:57.253Z",
        "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
        "shortName": "glibc"
      },
      "references": [
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33060"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the \u003ccode\u003eglibc.cpu.hwcaps\u003c/code\u003e tunable. This can be done by exporting the \u003ccode\u003eGLIBC_TUNABLES\u003c/code\u003e environment variable like so:\u003cbr\u003e\u003cbr\u003e\n\n\u003ccode\u003e\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1\u003c/code\u003e"
            }
          ],
          "value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the glibc.cpu.hwcaps tunable. This can be done by exporting the GLIBC_TUNABLES environment variable like so:\n\n\n\n\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
    "assignerShortName": "glibc",
    "cveId": "CVE-2025-5745",
    "datePublished": "2025-06-05T19:20:23.405Z",
    "dateReserved": "2025-06-05T19:15:09.234Z",
    "dateUpdated": "2025-06-05T20:13:51.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted